How did this firewall rule get created?

[road hazard]

In the Firewall>NAT section, I created a rule to allow Plex to work. Inbound 32400 and everything is working just fine.

Then, I duplicated that rule and created one for Emby in the same section. Again, no problem.

The weird thing (to me at least and probably due to my lack of understanding and general newbie'ness) is.... I spotted the Emby rule in the Firewall>Rules>WAN section. I didn't create an Emby rule in that section and it looks like OPNsense populated it there by itself?

BTW, how can I embed my pictures into the post vs. having them as attachments? (If I can figure that out, I'll edit my post. :) Or embedding only work when you link to pictures hosted off-site?

[Demusman]

Bottom of the NAT you created.

[road hazard]

Ok... thanks for pointing that out (makes sense now) but here's what I still don't understand.

The first NAT>Port Forward rule I created was for Plex and the 'filter rule association' was set for 'pass' and an associated rule wasn't created in Firewall>Rules>WAN. (Expected behavior.)

When I duplicated that rule and changed the name to 'Emby' and switched the port #, I don't recall what I picked for 'filter rule association'.

When i edited the original Plex rule, I had the following options for the filter section:
none, pass and Emby rule (Odd that it had 'Emby rule' as an option?!)

I deleted the Emby rule from the NAT>Port Forward section and that auto-deleted the Firewall>Rules>WAN rule and this time around, I didn't duplicate the Plex rule but created a new one for Emby.

Something weird though.... for both rules, I only have the options of 'none' or 'pass' for the associated rule section. I don't see an 'Add associated filter rule' option. That a problem?

As it is, Plex and Emby appear to be working perfectly fine without associated rules in the Firewall>Rules>WAN section. Should I leave things alone or create associated rules in there for each?