Hi
In the documentation for TNSR, it's stated that ACL rules are always processed before NAT on interfaces where NAT is applied, in any direction.
However, in my testing scenario, I've observed that packets first pass through the acl-plugin-in-ip4-fa node, then through the nodes related to nat44, and finally through acl-plugin-out-ip4-fa.
Could someone please clarify whether this behavior aligns with the documented behavior, or if there might be other factors affecting the processing order of ACL and NAT rules?
I'd appreciate any insights or explanations on this matter.