DNAT Rules - any difference between limiting source via NAT or firewall rules?


This is for setting up port forwarding via DNAT rules.

I noticed you can set up rules to limit source addresses either in the NAT rule section, or in the firewall rule you create to allow it in.

Is there any difference between doing it in the two places? Are there best practices on where you should do it?

My personal opinion (possibly erroneous).
Use the right tools.
If the goal is to filter traffic - use Firewall.
If the goal is to translate addresses - use NAT.