From e949dca6506bba708e6905bc1f6a255b65073adc Mon Sep 17 00:00:00 2001 From: Monviech Date: Thu, 9 Jan 2025 13:32:05 +0100 Subject: [PATCH 1/2] firewall/nat: Explain filter rule association in nat.rst --- source/manual/nat.rst | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/source/manual/nat.rst b/source/manual/nat.rst index 127192d6..75937bd9 100644 --- a/source/manual/nat.rst +++ b/source/manual/nat.rst 
@@ -91,6 +91,49 @@ Filter rule association Associate this with a regular firewall rule. For example, a transparent proxy that handles HTTP traffic needs a rule that forwards traffic from TCP port 80, IPv4 to 127.0.0.1:3128 (in the default configuration). + +Filter rule association +----------------------- + +This option controls the creation of linked filter rules in :menuselection:`Firewall --> Rules`. + +.. tabs:: + + .. tab:: Pass + + An linked filter rule will be automatically added and updated. This rule cannot be seen or edited in + :menuselection:`Firewall --> Rules`. + + .. Tip:: + + This option is recommended for simple setups. + + .. tab:: None + + Choose this if you want to create your own :menuselection:`Firewall --> Rules` manually. No linked filter rule is created. + + .. tab:: Add associated filter rule + + Adds a linked :menuselection:`Firewall --> Rules` rule that is automatically updated when the NAT rule is updated. + The created filter rule cannot be manually edited. Ensure setting a `Description` in the NAT rule, the filter rule will share it. + This option is the same as `Pass`, but makes the filter rule visible in :menuselection:`Firewall --> Rules`. + + .. Note:: + + If multiple `Interfaces` are selected in the :menuselection:`Firewall --> NAT --> Port Forward` rule, the filter rule will + appear in :menuselection:`Firewall --> Rules --> Floating`. + + .. tab:: Add unassociated filter rule + + Adds a filter rule **once** that is **not** linked to the NAT rule. The created filter rule can be edited manually, it will never + be updated when changing the NAT rule. Ensure setting a `Description` in the NAT rule, the filter rule will set it once. + + .. Note:: + + This option is recommended for more comple setups, like Port Forward rules on VPN interfaces. + The rule can be edited and features like `reply-to` disabled. + + ---------- One-to-one ---------- From 6d2485a76968940da35a7ef386f2fe4cea17ad3c Mon Sep 17 00:00:00 2001 
From: Monviech Date: Thu, 9 Jan 2025 13:38:43 +0100 Subject: [PATCH 2/2] firewall/nat: Explain filter rule association in nat.rst --- source/manual/nat.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source/manual/nat.rst b/source/manual/nat.rst index 75937bd9..358cf3cb 100644 --- a/source/manual/nat.rst +++ b/source/manual/nat.rst @@ -101,7 +101,7 @@ This option controls the creation of linked filter rules in :menuselection:`Fire .. tab:: Pass - An linked filter rule will be automatically added and updated. This rule cannot be seen or edited in + A linked filter rule will be automatically added and updated. This rule cannot be seen or edited in :menuselection:`Firewall --> Rules`. .. Tip:: @@ -114,7 +114,7 @@ This option controls the creation of linked filter rules in :menuselection:`Fire .. tab:: Add associated filter rule - Adds a linked :menuselection:`Firewall --> Rules` rule that is automatically updated when the NAT rule is updated. + Adds a linked filter rule in :menuselection:`Firewall --> Rules` that is automatically updated when the NAT rule is updated. The created filter rule cannot be manually edited. Ensure setting a `Description` in the NAT rule, the filter rule will share it. This option is the same as `Pass`, but makes the filter rule visible in :menuselection:`Firewall --> Rules`. 
@@ -125,13 +125,13 @@ This option controls the creation of linked filter rules in :menuselection:`Fire .. tab:: Add unassociated filter rule - Adds a filter rule **once** that is **not** linked to the NAT rule. The created filter rule can be edited manually, it will never + Adds a filter rule **once** that is **not** linked to this NAT rule. The created filter rule can be edited manually, it will never be updated when changing the NAT rule. Ensure setting a `Description` in the NAT rule, the filter rule will set it once. .. Note:: This option is recommended for more comple setups, like Port Forward rules on VPN interfaces. - The rule can be edited and features like `reply-to` disabled. + The filter rule can be edited and features like `reply-to` disabled. ----------
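Review bot: in the first patch's hunk (@@ -91,6 +91,49 @@), the field and option names are wrapped in single backticks (`Description`, `Pass`, `Interfaces`, `reply-to`), which reStructuredText treats as interpreted text with the default role rather than as inline literals. Use double backticks for literals such as ``reply-to`` and one consistent role for UI labels, in line with the :menuselection: markup already used throughout the same hunk.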
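Review bot: in the second patch's first hunk (@@ -101,7 +101,7 @@), the Pass tab states that the rule "cannot be seen or edited in" Firewall --> Rules and the Tip directly below recommends the option, but nothing tells the reader that traffic is then passed by a rule that is absent from the rule list they would review. Consider adding one sentence that says so and points to "Add associated filter rule" for setups where the filter rules must be visible for review, since the next tab already describes that option as the same as Pass but visible.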
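Review bot: in the second patch's second hunk (@@ -114,7 +114,7 @@), the unchanged sentence "Ensure setting a `Description` in the NAT rule, the filter rule will share it." is a comma splice and reads awkwardly. Since this patch already rewords the line above it, fix it in the same pass, for example "Set a Description in the NAT rule; the linked filter rule will share it." The same construction appears in the "Add unassociated filter rule" tab.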
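Review bot: in the second patch's last hunk (@@ -125,13 +125,13 @@), the Note still reads "more comple setups"; the typo from the first patch survives as a context line and should be corrected to "complex". The reworded line "The filter rule can be edited and features like `reply-to` disabled." also lacks a verb in its second half; "can be edited, for example to disable features like reply-to" is clearer. Because this tab says the rule is never updated when the NAT rule changes, it would help to state explicitly that the filter rule has to be adjusted by hand afterwards.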