Convert between floating and interface (group) rules?

Started by narubby_star, September 25, 2025, 12:40:56 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
September 27, 2025, 10:43:48 AM #15
You're welcome, let me know, if you found something out!
I will also test this (+ WAN restricting via interface OUT rule) later on, after having re-organized some of my other setup.
October 01, 2025, 02:16:54 AM #16
Good convo here.

I understood the point that NAT rules with filter rule association set to "Pass" will override interface-level blocks.  But I'm confused about why floating rule blocks would still work.

As Patrick said:

Quote from: Patrick M. Hausen on September 25, 2025, 08:06:23 PMFloating > Groups > Interface

But at every single stage:

NAT > filter

If NAT always comes before Floating, then wouldn't the same issue be there as with interface rules?

Sorry for rehashing.  I think it's important to understand this.  Thanks!
October 01, 2025, 08:51:16 AM #17
NAT on an interface comes before filter on an interface. Floating comes before interface. So floating filter - interface NAT - interface filter ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
October 01, 2025, 01:45:46 PM #18
Quote from: Patrick M. Hausen on October 01, 2025, 08:51:16 AMSo floating filter - interface NAT - interface filter ...

I'm putting that on a sticky note above my monitor!
October 01, 2025, 11:04:54 PM #19
Perfect, thanks!
Print
Go Up Pages 1 2
User actions