It is only accessible from my local network, why would I need to use a DROP policy?
Local address space does not necessary mean safe. Malicious script in browser can query sites on local network or untrusted program could inspect the network (Steam is doing this for example, and it's known to contain exploits.). Sure, your wifi with untrusted devices and applications is also on the same address space.
As of v4.0, this should no longer be a problem unless you choose to deviate from the new default blocking mode 949 and return to the IP-based mode 154. And the iptables rules mentioned in this article should not be needed.
So your problem is not there most likely. What's happening exactly? What's the environment? Is this a clean install? Try other blocking modes as well.