I just noticed the Setting button on the General tab of Network Center's Port Forwarding page.
Throwing caution to the wind I clicked it and found three options. Two are for UPnP and I have UPnP disabled, but the third, when enabled, will auto-generate firewall rules for the port-forwarders.
I would say that most times this is useful provided you normally want to accept any source IP communicating with the local destination. It's easy to add a restrictive rule and then an any/any/deny below it which will stop the auto-rule from being hit. Of my port-forwarders I've got one out of nine rules that I do this. But if you normally apply restrictions to port-forwarded service then disabling this Settings option is probably a good thing to keep the firewall policy clean.
I have lots of restriction rules at the top of my firewall policy that does the pre-filtering for all services.
Throwing caution to the wind I clicked it and found three options. Two are for UPnP and I have UPnP disabled, but the third, when enabled, will auto-generate firewall rules for the port-forwarders.
I would say that most times this is useful provided you normally want to accept any source IP communicating with the local destination. It's easy to add a restrictive rule and then an any/any/deny below it which will stop the auto-rule from being hit. Of my port-forwarders I've got one out of nine rules that I do this. But if you normally apply restrictions to port-forwarded service then disabling this Settings option is probably a good thing to keep the firewall policy clean.
I have lots of restriction rules at the top of my firewall policy that does the pre-filtering for all services.