Hi there!
I have some doubts regarding some fields of the web interface.
In Status / Connections the field “Expires” that shows, for example, 119: 59: 59 what does it mean?
And in Log / Fw Log (…) the DNAT string field, what does it mean? Because I have some countries blocked but it marks me DNAT and not DROP_INPUT. Yes, it is true that the countries that I have allowed, I get DNAT and the next log is FORWARD, so this one does redirect it, but I would like to know why in the ones I have blocked it also shows me DNAT.
Thanks
Update: I just looked at your DNAT case.
I think you mean the output of ‘Details’ for a specific IP.
The column ‘Chain’ gives the log comment of the rule ( usually the chain that logs ). So if you log the DNAT rule but not the blocking taking place afterwards, you only see the DNAT event.
BTW: the name ‘Firewall log’ is bit confusing. This page doesn’t show the firewall blocking, but the logged events.