Hi Guys, I have setup one firewall machines with two interfaces one on public zone and one in internal zone. i created a new policy with ingress internal and egress public and enabled masquerade on it. if i enable masquerade on zone public as normal i works the issue is it does not work with policies. Bellow is my config so far: [root@FW1 ~]# firewall-cmd --list-all-policies allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv6" icmp-type name="neighbour-advertisement" accept rule family="ipv6" icmp-type name="neighbour-solicitation" accept rule family="ipv6" icmp-type name="router-advertisement" accept rule family="ipv6" icmp-type name="redirect" accept brenda2jashte (active) priority: -500 target: CONTINUE ingress-zones: internal egress-zones: public services: ports: protocols: masquerade: yes forward-ports: source-ports: icmp-blocks: rich rules: [root@FW1 ~]# public (active) target: default icmp-block-inversion: no interfaces: enp1s0 sources: services: cockpit dhcpv6-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: internal (active) target: default icmp-block-inversion: no interfaces: enp7s0 sources: services: cockpit dhcpv6-client mdns samba-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: i am using the info from: https://firewalld.org/2020/09/policy-objects-introduction https://firewalld.org/2021/06/the-upcoming-1-0-0 Please can someone help out. first time i am trying to do NAT with policies Tim