When a router forwards traffic between two interfaces (such as from LAN to WAN), it uses the forward chain. HTTP traffic initiated by users destined to external servers passes through this chain.
A.✘prerouting – Used mainly for routing decisions and NAT, not filtering.
B.✔forward – Used to filter transit traffic.
C.✘output – For traffic originating from the router itself.
D.✘input – For traffic destined to the router itself.
Extract from MTCNA Course Material – Firewall Chains:
“Client-to-server traffic, like browsing the web, passes through the forward chain when routed through the router.”
Extract from René Meneses Study Guide – Firewall Structure:
“To block or allow traffic passing through the router (LAN to Internet), use the forward chain.”
Extract from MikroTik Wiki – Firewall Filtering Overview:
“forward: filters all transit traffic routed through the router.”
===========
