Hmm. If so, that’s poor and confusing UI design for several reasons:
If Local Service Firewall rules apply First, then the UI for it should not be at the bottom of the firewall UI page. It should be located in front of (higher up) on the page than the Inbound Firewall Rules section.
The Help tag for Inbound Firewall Rules section needs to mention this. It currently reads:
This table displays all the configured inbound firewall rules and their details. Dragging a rule up/down can change its priority, higher position of a rule signifies higher precedence.
For every new inbound IP session routed to a host on the LAN (i.e. sessions coming from WAN side), rules will be matched from the top to bottom. The matching process stops when a rule is found to be matched.
The inbound firewall rules only apply to the following types of traffic:
- Inbound WAN 1 traffic where the WAN 1 is in drop-in mode
- Inbound traffic that is defined in Port Forwarding
- Inbound traffic that is defined in Inbound NAT Mappings
If an inbound IP session does not match any of the rules listed, the Default rule will be applied.
I would suggest adding the following to the help:
Note: Local Firewall Service Rules (such as VPN access…) rules are applied before these rules.
- The name itself, Local Service Firewall Rules is somewhat misleading - when I read “Local Service” my mind certainly does not jump immediately to “Remote VPN access”. “Local Service” sounds more like Bonjour or similar…