vpp: T7972: Improve nat44 no-forwarding feature name and description in CLI

Author: natali-rs1985

docs/vpp/configuration/nat/nat44.rst

@@ -554,23 +554,22 @@ This setting helps prevent memory exhaustion and ensures predictable performance
    # Increase session limit for high-capacity deployment
    set vpp settings nat44 session-limit 100000
 
-Forwarding Behavior
+Processing Mode
 -------------------
 
-By default, VyOS NAT44 forwards packets that don't match any NAT rules according to the routing table. This behavior can be controlled:
+NAT44 processing behavior can be controlled using the processing-mode option. Choose how NAT44 treats packets that do not match any NAT rule:
 
-.. cfgcmd:: set vpp settings nat44 no-forwarding
+.. cfgcmd:: set vpp settings nat44 processing-mode <mode>
 
-   Disable forwarding of packets that don't match existing NAT translations. When enabled, only packets that match static or dynamic NAT rules will be processed; all other traffic will be dropped.
+The available processing modes are:
 
-.. important::
-
-   This is a significant difference from traditional NAT solutions. By default, VyOS NAT44 allows non-NAT traffic to be forwarded normally. Using ``no-forwarding`` creates a pure NAT-only device that drops any traffic not covered by NAT rules.
+- ``static-dynamic``: Process traffic by both static rules and dynamic NAT (default)
+- ``static-bypass``: Process traffic by static NAT rules only, pass without NAT if not matched
 
-**Use cases for no-forwarding:**
+**Use cases:**
 
-* **Pure NAT gateway**: When the router should only handle NAT traffic and drop everything else
-* **Security isolation**: Preventing any non-NAT traffic from traversing the device
+* **static-dynamic**: Use when you want dynamic translations created for unmatched inbound traffic so most flows get NATed
+* **static-bypass**: Use when NAT should apply only to explicitly configured static mappings and all other traffic must continue to be routed normally
 
 Worker Assignment
 -----------------