[Bug 272094] pfilctl IPFW hook order not works with PF route-to
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 272094] pfilctl IPFW hook order not works with PF route-to"
Date: Wed, 21 Jun 2023 15:42:34 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272094
Franco Fichtner <franco@opnsense.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |franco@opnsense.org
--- Comment #6 from Franco Fichtner <franco@opnsense.org> ---
Two things here:
1. Having a netpfil facility accommodating for multiple packet filters at the
same time and saying you shouldn't mix it is not a good argument, because e.g.
the ordering between ipfw/pf is easily made deterministic with something like:
# pfctl -d
# pfctl -e
2. route-to's if_output is derived from OpenBSD where only one packet filter
exists. There has been a proposal for several years to change that:
https://reviews.freebsd.org/D8877
It's practically been accepted back then, but was never merged. I have updated
code based on stable/13. I am happy to rebase on main if someone can take this
on...
Cheers,
Franco