I have some doubts regarding some fields of the web interface.
In Status / Connections the field “Expires” that shows, for example, 119: 59: 59 what does it mean?
And in Log / Fw Log (…) the DNAT string field, what does it mean? Because I have some countries blocked but it marks me DNAT and not DROP_INPUT. Yes, it is true that the countries that I have allowed, I get DNAT and the next log is FORWARD, so this one does redirect it, but I would like to know why in the ones I have blocked it also shows me DNAT.
The format of this field is ‘h:mm:ss’ (and should be described this way).
Thanks! And… what about DNAT? Why not DROP_INPUT if this port (country) is locked?
Sorry. I didn’t investigate this, yet.
Update: I just looked at your DNAT case.
I think you mean the output of ‘Details’ for a specific IP.
The column ‘Chain’ gives the log comment of the rule ( usually the chain that logs ). So if you log the DNAT rule but not the blocking taking place afterwards, you only see the DNAT event.
BTW: the name ‘Firewall log’ is bit confusing. This page doesn’t show the firewall blocking, but the logged events.