In the firewall (using WebFig), the first item in the forward chain is a “special dummy rule to show fasttrack counters”. If I open it, I see that it is in “forward” chain and the action is “passthrough” and nothing else is set.
So I assume any traffic that goes through the forward box in the flowchart is counted AND given to the next step.
What I did: I also added a new rule, right after this one, and set it to exactly the same settings, i.e. forward, passthrough and nothing else. So I would expect that all traffic from the first rule also hits this one and again is only counted and passed on to the next rule.
Strangely enough I see totally different Bytes numbers for the two rules.
The one I see in my rule is in line with the subsequent forward rules, so I can see what happens to the bytes that go through my rule. On the built-in rule I often see a much larger number and I do not understand what it counts.
Fasttracked traffic hits your line once, when it is not yet fasttracked. And during the lifetime of the connection, some traffic is also put through the slow path to see if the connection is still valid.
Fasttrack only established traffic, so that it goes one time through the slow path through the router before it gets assigned a fast path to skip the firewall ‘completely’ for the rest of the connection.
It’s worth mentioning that the rule is added automatically and hence its full properties are not known; there might be some bits not shown in its property list. As stated in the comment it’s a dummy and might be just a hook into the fasttrack driver, not a real firewall filter.
Thus it’s probably impossible to manually replicate that rule.
Thanks, it is still a bit confusing though.
Why do they show it under firewall rules, if it behaves in a “special” way? It could be either shown elsewhere (“traffic not touching the firewall”) or e.g. I could imagine a parameter in the rule settings called something like “fasttrackable” or “connection fasttracked”, and the corresponding action would be Accept or a new type “Fasttrack”, indicating that that traffic is not reaching further down the list.
If you are looking for the connection, look in Connections to find the ones with an F in the status (first one).
If you are looking in the firewall screens for traffic that is passing through, you will see no fasttracked traffic. You then think: I’ve got traffic, but the counters don’t add up. These dummy lines are just indicators that traffic is flowing but not visible in rule counters. You can’t switch off these dummy rules unless you disable fasttracking and fastpath. The dummy lines will be removed on the next reboot.
When fasttracking is off, many routers will max out at about 200Mbit/s or lower while forwarding. Fasttracking is a calculated trick to get more speed with less processor power.
As I wrote before, fasttracked traffic does not hit the firewall, and putting an accept or drop in has no effect once fasttracked. The indication that traffic is not hitting the firewall you can see in the name “Dummy” in those lines. You see something that is not complete/really present.
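To make the behaviour discussed in this thread concrete, here is the usual RouterOS filter layout that produces it, added as an illustration and not posted by anyone in the thread; the `print where fasttrack` filter on the connection list is assumed syntax for the F flag mentioned above.

```routeros
# Added illustration: the standard fasttrack pair in the forward chain.
# Only established/related traffic is fasttracked; the first packets of a
# new connection still traverse the whole chain once (the "slow path").
/ip firewall filter
add chain=forward action=fasttrack-connection connection-state=established,related \
    comment="fasttrack established/related"
add chain=forward action=accept connection-state=established,related \
    comment="accept established/related (seen only by non-fasttracked packets)"
# Any rule placed below the fasttrack rule no longer sees packets of a
# connection once it has been fasttracked, so an accept or drop there has
# no effect on that connection. Rules that must inspect every packet belong
# ABOVE the fasttrack rule.
add chain=forward action=drop connection-state=invalid

# Check: the automatically added dummy passthrough rule counts the
# fasttracked bytes, while the rules below it count only slow-path packets,
# which is why the two counters differ.
/ip firewall filter print stats where chain=forward

# Connections currently on the fast path carry the F flag.
/ip firewall connection print where fasttrack
```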