Operations flow.

In the diagram above, you can find the main function calls related to IPFIRE work. Note that in prerouting and output one can destination translate, while in post routing one can only source translate. Filtering can be applied in input, output and forward. Interaction with IPFIRE-wall will be improved by the graphical user interface that Mauro Francesconi is going to develop.
Main calls are done in ipfi.c, while filtering functions are found in ipfi_machine.c and translation functions in ipfi_translation.c. iph_in_get_response() is instead found in ipfi_netl.c for historical reasons (IPFIRE-wall was first intended to work in userspace). Feel free to contact me for any other explanation.