firewall/nat: Explain filter rule association in nat.rst (#657)

Monviech 2025-01-23 13:31:05 +01:00 committed by GitHub
parent ee68bf55f8
commit 65bad4414b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -91,6 +91,49 @@ Filter rule association Associate this with a regular firewall rule.
For example, a transparent proxy that handles HTTP traffic needs a rule that forwards traffic from TCP port 80,
IPv4 to 127.0.0.1:3128 (in the default configuration).
Filter rule association
-----------------------
This option controls the creation of linked filter rules in :menuselection:`Firewall --> Rules`.
.. tabs::
.. tab:: Pass
A linked filter rule will be automatically added and updated. This rule cannot be seen or edited in
:menuselection:`Firewall --> Rules`.
.. Tip::
This option is recommended for simple setups.
.. tab:: None
Choose this if you want to create your own :menuselection:`Firewall --> Rules` manually. No linked filter rule is created.
.. tab:: Add associated filter rule
Adds a linked filter rule in :menuselection:`Firewall --> Rules` that is automatically updated when the NAT rule is updated.
The created filter rule cannot be manually edited. Ensure setting a `Description` in the NAT rule, the filter rule will share it.
This option is the same as `Pass`, but makes the filter rule visible in :menuselection:`Firewall --> Rules`.
.. Note::
If multiple `Interfaces` are selected in the :menuselection:`Firewall --> NAT --> Port Forward` rule, the filter rule will
appear in :menuselection:`Firewall --> Rules --> Floating`.
.. tab:: Add unassociated filter rule
Adds a filter rule **once** that is **not** linked to this NAT rule. The created filter rule can be edited manually, it will never
be updated when changing the NAT rule. Ensure setting a `Description` in the NAT rule, the filter rule will set it once.
.. Note::
This option is recommended for more comple setups, like Port Forward rules on VPN interfaces.
The filter rule can be edited and features like `reply-to` disabled.
----------
One-to-one
----------
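
Review bot: In the closing Note of the "Add unassociated filter rule" tab, "more comple setups" is a typo for "more complex setups". In that tab and in "Add associated filter rule", the sentences starting "Ensure setting a `Description` in the NAT rule, the filter rule will ..." are comma splices; something like "Set a `Description` in the NAT rule; the filter rule will share it." reads more cleanly. The "Pass" tab states that the linked rule cannot be seen in Firewall --> Rules and then recommends the option for simple setups, while the pointer to the visible equivalent only appears two tabs later; consider naming "Add associated filter rule" in the "Pass" tab as the choice when the rule needs to show up during a ruleset review. The single backticks around Description, Pass, Interfaces and reply-to invoke the default role in reStructuredText; use double backticks if literal rendering is intended.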