---
title: "Manage Chain Settings"
slug: "manage-nat-chain-settings"
updated: 2024-06-07T07:23:39Z
published: 2024-06-07T07:23:39Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zpesystems.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Manage NAT Chain Settings

To manage chain functions/settings, click on the name in the *Chain* column (displays dialog).

![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678896447243.png)

Note: If you import a configuration for a chain through CLI, the rules defined for the specified chain(s) will be overridden by the imported configuration. For example, if you are importing configuration For the INPUT and OUTPUT chains, the FORWARD chain will not be changed, only the INPUT and OUTPUT chains are updated.

### Add Chain Setting (all Type selections)

1. Go to *Security :: NAT*.
2. In the *Chain* column, locate and click on the name (displays dialog).
3. Click **Add** (displays dialog). ![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678897001143.png)
4. On *Target*menu:
  1. On **Target** drop-down, select one (ACCEPT, DNAT, REDIRECT, LOG, RETURN).
  2. Enter **Rule Number.**
  3. Enter **Description.**
5. On the *Match Options*menu:
  1. Enter **Source IP/Mask.**
  2. Select **Reverse match for source IP/mask** checkbox.
  3. Enter **Destination IP/Mask.**
  4. Enter **Source MAC Address.**
  5. Select **Reverse match for source MAC address** checkbox.  
  
Note: The Source MAC Address and Reverse Match for the source MAC Address fields are applicable only for Input, PREROUTING, and FORWARD chains.
  6. Select **Reverse match for destination IP/mask** checkbox.
  7. Select the required Input Interface from the drop-down list. (Any, lo, eth0, eth1).  
  
Note: The Source MAC Address and Reverse Match for the source MAC Address fields are applicable only for Input, PREROUTING, and FORWARD chains Select **Reverse match for the input interface** checkbox.
  8. Select **Enable State Match**checkbox (displays options – one or more can be selected):
    - **NEW** checkbox
    - **ESTABLISHED** checkbox
    - **RELATED** checkbox
    - **INVALID** checkbox
    - **SNAT** checkbox
    - **DNAT** checkbox
    - **Reverse state match** checkbox
6. On the **Fragments** drop-down, select one (All packets and fragments, Unfragmented packets and 1st packets, 2nd and further packets).  
(if **Type** selection: **DNAT**) Enter **To Destination**.![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678897205997.png)
7. On the *Protocol*menu, select one:
  - **Numeric** radio button (expands dialog). Enter the **Protocol Number**. ![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678897264857.png)
  - **TCP** radio button (expands dialog). ![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678897287485.png)
    - Enter **Source Port.**
    - Enter **Destination Port.**
    - Enter ****To Ports.****
    - ****TCP Flag SYN**** drop-down, select one (Any, Set, Unset).
    - ****TCP Flag ACK**** drop-down, select one (Any, Set, Unset).****
    - ****TCP Flag FIN**** drop-down, select one (Any, Set, Unset).****
    - ****TCP Flag RST**** drop-down, select one (Any, Set, Unset).****
    - ****TCP Flag URG**** drop-down, select one (Any, Set, Unset).****
    - ****TCP Flag PSH**** drop-down, select one (Any, Set, Unset).
    - Select ****Reverse Match for the TCP Flags**** checkbox.
  - **UDP** radio button (expands dialog):  
![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678897405349.png)
    - Enter **Source Port.**
    - Enter ****Destination Port.****
    - Enter ******To Ports.******
  - **ICMP** radio button (expands dialog):  
![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678897998561.png)
    - On **ICMP Type** drop-down, select one.
    - Select **Reverse match for ICMP type** checkbox.
8. Select **Reverse match for the protocol** checkbox.
9. Select **Reverse match for the source port** checkbox.
10. Select **Reverse match for the destination port** checkbox.
11. On the *Log Options* menu (shows when **Type** selection: **LOG**).  
![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678898108829.png)
  1. On the **Log Level** drop-down, select one (Debug, Info, Notice, Warning, Error, Critical, Alert, Emergency).
  2. Enter **Log Profile** (name of this profile).
  3. Select **Log TCP Sequence Numbers** checkbox.
  4. Select **Log Options From The TCP Packet Header** checkbox.
  5. Select **Log Options From The IP Packet Header** checkbox.
12. Click **Save**.

### Edit Chain Setting

1. Go to *Security :: NAT*.
2. In the *Chain* column, locate and click on the checkbox.
3. Click **Edit** (displays dialog).
4. Make changes, as needed.
5. Click **Save**.

### Delete Chain Setting

1. Go to *Security :: NAT*.
2. In the *Chain* column, locate and select the checkbox next to the name.
3. Click **Delete**.
4. On the confirmation dialog, click **OK**.

### Move Chain Up

1. Go to *Security :: NAT*.
2. In the *Chain* column, locate and select the checkbox on the name.
3. Click **Up** to move up.

### Move Chain Down

1. Go to *Security :: NAT*.
2. In the *Chain* column, locate and select the checkbox on the name.
3. Click **Down** to move down.