I have port forwarding working. Internet can hit the WAN interface and both HTTP and HTTPS forward to the internal web server.
However, I am concerned that the port forwarding might take precedent over my manual rules including GeoIP blocking. So I created a manual rule temporarily to see if it would block port forwarding. It does not. The docs say that the automatic port forward rules are to be applied last. That does not appear to be the case.
Ideas?
Screenshot of the rules for the WAN interface: