Chapter 4: Firewall Phases and Actions
Do Not Redirect (default action)
Traffic that matches a 'do not redirect' rule is passed unaltered to the filtering phase. This is also the default action if no rules are matched. A 'do not redirect' rule only needs to be given explicitly if you have a more general 'redirect' rule that you wish to override for a specific case.
Normally, all 'drop' rules are placed in the Filtering phase. The only circumstance where 'drop' rules should be placed in the Redirection phase is where you need to block a specific case of traffic that would otherwise match a more general 'redirect' rule, and need to specify it on the basis of its original destination address.
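The interaction between the two phases described above, as an added example that is not part of the original chapter or of the product's own code: a toy Python model in which the filtering phase only sees the destination after a 'redirect' rule has rewritten it. First-match rule ordering, the rule fields and all addresses are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumptions: rules are checked in order and the first match wins;
# all addresses and rule fields are constructed for this example.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                   # 'redirect', 'do not redirect', 'drop', 'accept'
    dst: str = "0.0.0.0/0"        # destination network the rule matches on
    dport: Optional[int] = None   # None matches any port
    to: Optional[str] = None      # new destination address for 'redirect'

    def matches(self, p):
        return (ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport))

def first_match(rules, p, default):
    # Fall back to the phase's default action when nothing matches.
    return next((r for r in rules if r.matches(p)), Rule(default))

def process(p, redirection, filtering):
    """Return the packet as it leaves the filtering phase, or None if dropped."""
    r = first_match(redirection, p, "do not redirect")
    if r.action == "drop":
        return None
    if r.action == "redirect":
        p = replace(p, dst=r.to)           # original destination is lost here
    f = first_match(filtering, p, "drop")  # filtering default taken as 'drop'
    return p if f.action == "accept" else None

PROXY = "10.0.0.5"
GENERAL = Rule("redirect", dport=80, to=PROXY)       # general 'redirect' rule
BLOCK = Rule("drop", dst="203.0.113.9/32")           # the specific case to block
EXEMPT = Rule("do not redirect", dst="198.51.100.7/32")
FILTERING = [BLOCK, Rule("accept", dst=PROXY + "/32", dport=80),
             Rule("accept", dst="198.51.100.7/32", dport=80)]
pkt = Packet("192.168.1.20", "203.0.113.9", 80)

if __name__ == "__main__":
    print(process(pkt, [GENERAL], FILTERING))         # filtering-phase drop is bypassed
    print(process(pkt, [BLOCK, GENERAL], FILTERING))  # redirection-phase drop works
    print(process(Packet("192.168.1.20", "198.51.100.7", 80),
                  [EXEMPT, GENERAL], FILTERING))      # passed on unaltered
```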
- Drop (Default Action)
An 'auto-masquerade' rule acts like a manual 'masquerade' rule, but you do not need to specify an address. An address appropriate to the interface on which the traffic leaves the firewall is automatically chosen.
Do Not Masquerade (Default Action)
Traffic that matches a 'do not masquerade' rule leaves the firewall unaltered. This is also the default action if no rules are matched. A 'do not masquerade' rule only needs to be given explicitly if you have a more general 'masquerade' or 'auto-masquerade' rule that you wish to override for a specific case.