What we’ve created above are 3 simple rules; however, they are quite powerful because now access is only allowed from your country.
Let’s go through them one by one. Once you have an understanding of how this works, you’ll be able to create more rules very easily.
Here goes…
If you are on your LAN (inside your house) and you try to access your NAS, the firewall will start examining the rules. It’ll find that the first rule applies. It will grant you access and QUITS going down the list. Note that the router is not involved here. And by the way, 192.168.10.0 means the whole subnet (yes, it’s that zero at the end). So any device inside the LAN can access the NAS.
If you’re anywhere in the U.S. coming through WAN, the router will forward your request to the NAS, and the firewall starts examining the rules. The first one does not apply; the 2nd rule applies. It grants you access and QUITS going down the list.
Some lowlife Martian sitting in a Starbucks on the dark side of the moon tries accessing your NAS. The router forwards the request to the NAS, and the firewall starts examining the rules. The first rule does not apply, the second one does not apply, and the third one says deny all. It blocks him.
Did you notice that when the firewall finds a match it quits going down the list?
This is a very important observation to make and concludes that the order of the rules in the list is important too.
There’s room for refinement even with the above 3 simple rules. For example, at the moment, we are accepting all ports. We are not worried, though, because your router as of now is not forwarding anything other than 5000 and 5001 (as I understood). However, it’s something to keep in mind when you open more ports on the router.
I hope this helps with glueing everything together.
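The first-match evaluation described in the post above, modelled as an added example (not part of the original post and not the NAS vendor's code). It assumes a /24 mask for 192.168.10.0, uses a constructed GeoIP table built from documentation address ranges, and every function and variable name is hypothetical. It goes slightly beyond the post by also showing a misordered list and a port-restricted variant of the second rule.

```python
import ipaddress

# Constructed GeoIP table (documentation ranges, not real geolocation data).
GEOIP = {
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "XX",  # placeholder "elsewhere"
}

def country_of(ip):
    """Look up the country code for an address in the constructed table."""
    for net, cc in GEOIP.items():
        if ip in net:
            return cc
    return None

def rule(action, subnet=None, country=None, ports=None):
    """A rule; None for subnet/country/ports means 'any'."""
    return {"action": action,
            "subnet": ipaddress.ip_network(subnet) if subnet else None,
            "country": country, "ports": ports}

def evaluate(rules, src, port):
    """Walk the list top to bottom and stop at the first rule that matches.
    Returns (action, 1-based index of the rule that decided)."""
    ip = ipaddress.ip_address(src)
    for i, r in enumerate(rules, start=1):
        if r["subnet"] is not None and ip not in r["subnet"]:
            continue
        if r["country"] is not None and country_of(ip) != r["country"]:
            continue
        if r["ports"] is not None and port not in r["ports"]:
            continue
        return r["action"], i   # match found: quit going down the list
    return "no-match", 0        # not reached when the list ends in deny-all

# The three rules from the post (mask /24 is an assumption).
RULES = [rule("allow", subnet="192.168.10.0/24"),
         rule("allow", country="US"),
         rule("deny")]
# Same rules with deny-all moved to the top: it shadows everything below it.
MISORDERED = [RULES[2], RULES[0], RULES[1]]
# Refinement: rule 2 limited to the ports the router forwards.
REFINED = [RULES[0], rule("allow", country="US", ports={5000, 5001}), RULES[2]]

if __name__ == "__main__":
    for name, rs in (("RULES", RULES), ("MISORDERED", MISORDERED), ("REFINED", REFINED)):
        for src, port in (("192.168.10.25", 5001), ("198.51.100.7", 5000),
                          ("198.51.100.7", 22), ("203.0.113.9", 5000)):
            print(name, src, port, evaluate(rs, src, port))
```

With the port-restricted rule, a request from the allowed country to any port other than 5000 or 5001 falls through to deny-all even if the router later forwards that port.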