Policy rules belong to the "Policy" object, which is a child object of
the firewall and can be found in the tree right below it. Like any other
object in Firewall Builder, the Policy object has attributes that you
can edit by double-clicking it in the tree.
- A policy can be IPv4, IPv6, or combined IPv4 and IPv6. In
the latter case you can use a mix of IPv4 and IPv6 address objects in
the same policy (in different rules), and Firewall Builder will
automatically determine which is which and sort them out.
- A policy can translate into the mangle table only, or into a
combination of the filter and mangle tables. In the latter case, the
policy compiler decides which table to use based on the rule action and
service object. Some actions, such as "Tag" (which translates into the
iptables target MARK), go into the mangle table.
- "Top ruleset" means that the compiler will place the generated
iptables rules into the built-in chains INPUT/OUTPUT/FORWARD. If a policy
is not marked as "top ruleset", the generated rules will go into a
user-defined chain whose name is the same as the name of the policy object.
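
A check that follows from the "top ruleset" distinction, given here as an added example rather than Firewall Builder's own code or output: iptables evaluates a user-defined chain only when some rule jumps to it, so a policy compiled into a chain that nothing references filters no traffic. The function below reads `iptables-save` output and lists such chains; the policy names `mgmt_policy` and `dmz_policy` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: find user-defined chains that no rule jumps to.
# Input is text in iptables-save format on stdin; output is "table:chain".

unreferenced_chains() {
    awk '
        # "*filter", "*mangle", ... opens a table section
        /^\*/ { table = substr($0, 2); next }
        # ":NAME POLICY [pkts:bytes]"; a "-" policy marks a user-defined chain
        /^:/ && $2 == "-" { declared[table ":" substr($1, 2)] = 1; next }
        # "-A CHAIN ... -j TARGET" (or -g): record every jump/goto target
        /^-A / {
            for (i = 3; i < NF; i++)
                if ($i == "-j" || $i == "-g") referenced[table ":" $(i + 1)] = 1
        }
        END { for (k in declared) if (!(k in referenced)) print k }
    ' | sort
}

# Constructed sample: a "Tag" rule in mangle, one policy chain that FORWARD
# jumps to (dmz_policy) and one that nothing references (mgmt_policy).
sample_ruleset() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 22 -j MARK --set-mark 1
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:mgmt_policy - [0:0]
:dmz_policy - [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -j dmz_policy
-A mgmt_policy -p tcp -m tcp --dport 22 -j ACCEPT
-A dmz_policy -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | unreferenced_chains
```

On a live firewall the same function can be fed with `iptables-save | unreferenced_chains`.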