[Bug 212331] pfil processing order
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Sep 12 09:59:06 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212331
--- Comment #8 from srijannandi <srijan.nandi at gmail.com> ---
ipfw is doing it's job perfectly well. It's just that I use ipfw for bandwidth
shaping and also have captive portal running on ipfw. Rest all firewall'ing and
nat'ting features are used in pf.
So, I have ipfw processing packets destined to port 80. As soon as it receives
a packet for destination port 80, it throws the user a captive portal login
page. The user than logs in using his/her username and password. After which
the packet is marked as authenticated and passed on to pf for further
processing. pf then allows or denies the traffic as per the rule configured.
This works fine, without issues.
As soon as I enable a route-to rule in pf to pass this traffic via a specific
gateway, then when a packet is received by FreeBSD for destination port 80,
ipfw no longer comes into picture and pf shorts this packet and start
processing it. Therefore, in this scenario, I no longer get the captive portal
page.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-net
mailing list