iptables not dropping with all chain policies set to DROP and only SSH accepted

Question

I have a service running on port 8080 on a raspberry pi with hostname rpi in my local network.

I want to configure iptables to disallow ANY connection except SSH, so my config looks like this:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  localhost            anywhere             tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination

However I am still able to access the service hosted on port 8080 (rpi:8080) with any device inside the local network.