RDR action where incoming connection should be blocked or passed

Started by JohnnyBeee, May 09, 2020, 10:00:44 AM

OPNsense 20.1.4-amd64
FreeBSD 11.2-RELEASE-p18-HBSD
OpenSSL 1.1.1f 31 Mar 2020

Hi guys.

I am facing a strange issue with Firewall rules and I wish someone could help me understand.

1) On my WAN interface I have rules (at the top of the list) that forbid incoming connections from unsafe countries, incoming to unsafe countries and out to unsafe countries (unsafe countries being a GeoIP alias).
2) On the WAN interface I also have a rule that allows incoming connections to my email server (further down on the rules list).

3) Now occasionally I get RDR entries in the firewall log like this:
__timestamp__   May 8 16:17:10
ack   
action   [rdr]
anchorname   
datalen   0
dir   [in]
dst   192.168.1.43
dstport   25
ecn   
id   24082
interface   igb0
ipflags   none
length   40
offset   0
proto   6
protoname   tcp
reason   match
ridentifier   0
rulenr   15
seq   1031579698
src   195.54.166.3
srcport   43265
subrulenr   
tcpflags   S
tcpopts   
tos   0x0
ttl   245
urp   1024
version   4

4) Now there are 2 issues:
a) The incoming IP is from an unsafe country (Russia) and shouldn't be let through in the first place.
b) Even if for some reason the IP's location would not be identified as from some unsafe country, why do I get an [rdr] action instead of a [pass] action?

5) I am not as tech savvy as it may seem so I would appreciate it if someone could explain:
a) What does this [rdr] action mean in this case? Was the connection allowed? (and if yes, why?)
b) How can I identify this rule (ridentifier 0, rulenr 15, right?) in the GUI where no rule identifier or number can be seen?

Any help with this would be greatly appreciated.