firewall/nat: Explain filter rule association in nat.rst #657

Open
wants to merge 2 commits into
base: master
43 changes: 43 additions & 0 deletions source/manual/nat.rst
Expand Up @@ -91,6 +91,49 @@ Filter rule association Associate this with a regular firewall rule.
For example, a transparent proxy that handles HTTP traffic needs a rule that forwards traffic from TCP port 80,
IPv4 to 127.0.0.1:3128 (in the default configuration).


Filter rule association
-----------------------

This option controls the creation of linked filter rules in :menuselection:`Firewall --> Rules`.

.. tabs::

.. tab:: Pass

A linked filter rule will be automatically added and updated. This rule cannot be seen or edited in
:menuselection:`Firewall --> Rules`.

.. Tip::

This option is recommended for simple setups.

.. tab:: None

Choose this if you want to create your own :menuselection:`Firewall --> Rules` manually. No linked filter rule is created.

.. tab:: Add associated filter rule

Adds a linked filter rule in :menuselection:`Firewall --> Rules` that is automatically updated when the NAT rule is updated.
The created filter rule cannot be manually edited. Ensure setting a `Description` in the NAT rule, the filter rule will share it.
This option is the same as `Pass`, but makes the filter rule visible in :menuselection:`Firewall --> Rules`.

.. Note::

If multiple `Interfaces` are selected in the :menuselection:`Firewall --> NAT --> Port Forward` rule, the filter rule will
appear in :menuselection:`Firewall --> Rules --> Floating`.

.. tab:: Add unassociated filter rule

Adds a filter rule **once** that is **not** linked to this NAT rule. The created filter rule can be edited manually, it will never
be updated when changing the NAT rule. Ensure setting a `Description` in the NAT rule, the filter rule will set it once.

.. Note::

This option is recommended for more comple setups, like Port Forward rules on VPN interfaces.
The filter rule can be edited and features like `reply-to` disabled.


----------
One-to-one
----------
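
Review bot: The last Note in the "Add unassociated filter rule" tab has a typo, "more comple setups" should read "more complex setups". In the same tabs, `Description`, `Pass`, `Interfaces` and `reply-to` are in single backticks, which reST treats as interpreted text in the default role rather than an inline literal; use double backticks, or :guilabel: for GUI field names. The two "Ensure setting a `Description` in the NAT rule, the filter rule will ..." sentences are comma splices and would read better as "Set a Description in the NAT rule; the filter rule will share it." The new "Filter rule association" title is underlined only, while the following "One-to-one" title has both overline and underline, so the two are different adornment styles and the new section will not sit at the same level as "One-to-one"; please confirm the nesting is intended. Since the "Pass" tab says the linked rule "cannot be seen or edited", it is worth one sentence telling readers that reviewing :menuselection:`Firewall --> Rules` will not show the traffic this option allows.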