Router iptables structure (fw 4.0.0 +).
In category Routers .
mangle PREROUTING | \-> pre (WAN interfaces only) | |-> pre_ipsec - ACCEPT rules for IPsec tunnels | |-> pre_fw - RETURN/DROP rules based on "Firewall Configuration" | |-> pre_lim - RETURN/DROP rules based on "Firewall Configuration" | |-> pre_nat - ACCEPT rules based on "NAT Configuration" | \-> pre_sys - DROP rules for disabled essential system services nat PREROUTING | \-> pre (WAN interfaces only) | |-> pre_ipsec - DNAT rules for IPsec tunnels | |-> pre_nat - DNAT rules based on "NAT Configuration" | |-> pre_sys - ACCEPT/REDIRECT rules for enabled essential system services | |-> pre_srv - ACCEPT rules for enabled optional system services | | | |-> srv_... | |-> srv_... | \-> srv_... | |-> pre_mod - ACCEPT rules for installed user modules | | | |-> mod_... | |-> mod_... | \-> mod_... | \-> pre_def - DNAT rule based on "NAT Configuration" nat POSTROUTING | \-> post (WAN interfaces only) | |-> post_ipsec - ACCEPT/SNAT rules for IPsec tunnels | \-> post_msq - MASQUERADE rule based on "NAT Configuration" filter INPUT | \-> in | |-> in_sys - ACCEPT rules for all essential system services | |-> in_srv - ACCEPT rules for enabled optional system services | | | |-> srv_... | |-> srv_... | \-> srv_... | \-> in_mod - ACCEPT rules for installed Router Apps | |-> mod_... |-> mod_... \-> mod_... filter FORWARD | \-> fwd | |-> fwd_sys - rules for all essential system services | |-> fwd_fw - ACCEPT/DROP rules based on "Firewall Configuration" | \-> fwd_mod - rules for installed Router Apps | |-> mod_... |-> mod_... \-> mod_...
