Date: Mon, 12 Sep 2016 09:59:06 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 212331] pfil processing order Message-ID: <bug-212331-2472-Bk4yvhNP0l@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-212331-2472@https.bugs.freebsd.org/bugzilla/> References: <bug-212331-2472@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D212331 --- Comment #8 from srijannandi <srijan.nandi@gmail.com> --- ipfw is doing it's job perfectly well. It's just that I use ipfw for bandwi= dth shaping and also have captive portal running on ipfw. Rest all firewall'ing= and nat'ting features are used in pf. So, I have ipfw processing packets destined to port 80. As soon as it recei= ves a packet for destination port 80, it throws the user a captive portal login page. The user than logs in using his/her username and password. After which the packet is marked as authenticated and passed on to pf for further processing. pf then allows or denies the traffic as per the rule configured. This works fine, without issues. As soon as I enable a route-to rule in pf to pass this traffic via a specif= ic gateway, then when a packet is received by FreeBSD for destination port 80, ipfw no longer comes into picture and pf shorts this packet and start processing it. Therefore, in this scenario, I no longer get the captive por= tal page. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-212331-2472-Bk4yvhNP0l>