I noticed that NAT rules seem to bypass any firewall (in) rules. I wanted to restrict access to a forwarding to a certain IP set, but even a drop all for the specific port doesn't seem to do anything. I assume this was implemented to make NAT easy to use (not having to build an exception into drop all by default rules), but is there any way to undo this?