Date: Tue, 20 Jun 2023 14:37:46 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 272094] pfilctl IPFW hook order not works with PF route-to
Message-ID: <bug-272094-227-HwYXx6z2gp@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-272094-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-272094-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272094

--- Comment #1 from Kristof Provost <kp@freebsd.org> ---
> I am currently using both IPFW and PF at the same time. But some will say this is a bad idea.

Mostly because it is. As far as I'm concerned that's not a supported configuration. Maybe you can make it work, maybe not. Either way you get to keep all of the pieces, at no extra charge!

> I think the packets that first hit PF route-to are sent directly to the output interface.

Correct. pf_route() calls ifp->if_output() directly and the packet will not be seen by another firewall. This is one of the many reasons that running multiple firewalls at the same time is not recommended.

You may be interested to learn that from FreeBSD 14 onwards (i.e. current main) you can use dummynet with pf, and can also do basic layer 2 filtering with pf. No doubt it's also possible to implement captive portal entirely with ipfw.

tl;dr: You're on your own with this.

-- 
You are receiving this mail because:
You are the assignee for the bug.