Cisco Firepower has a flowchart that shows the order in which packets get processed as they traverse the different processes in the firewall. I have not seen anything like this in Alta documentation but may have missed it. Does anyone have any links that might shed some light on what order things get processed in, e.g. is IPBan before or after IPS, etc.?
I’m guessing it's something like:
Ingress Interface
↓
Conntrack (raw)
↓
Suricata inspection (IDS/IPS)
↓
iptables firewall rules
↓
Dynamic blocklist (IPBan rules in filter table)
↓
NAT
↓
Routing
↓
Egress