Hello,
I am a noob and a bit confused by the filter chain traversal of the packets of the hotspot authenticated clients.
In a normal basic setup, the packets not directly destined to or originated from the router traverse the FORWARD chain. So basically packets to and from clients traverse the FORWARD chain, regardless of protocol, port, etc
What happens with the packets to/from authenticated clients of a hotspot? What is then the equivalent of the FORWARD chain? For example if I want to set some layer 7 filter rules (which have to "see" both sides of a connection) applicable to my hotspot authenticated clients, where should I place them?