From owner-freebsd-pf@FreeBSD.ORG Sat Jul 21 22:18:07 2012 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CF648106566B for ; Sat, 21 Jul 2012 22:18:07 +0000 (UTC) (envelope-from bc979@lafn.org) Received: from zoom.lafn.org (zoom.lafn.org [108.92.93.123]) by mx1.freebsd.org (Postfix) with ESMTP id 5CFA08FC0A for ; Sat, 21 Jul 2012 22:18:07 +0000 (UTC) Received: from [10.0.1.2] (pool-98-112-217-228.lsanca.fios.verizon.net [98.112.217.228]) (authenticated bits=0) by zoom.lafn.org (8.14.3/8.14.2) with ESMTP id q6LM6gD7025359; Sat, 21 Jul 2012 15:06:45 -0700 (PDT) (envelope-from bc979@lafn.org) Mime-Version: 1.0 (Apple Message framework v1278) Content-Type: text/plain; charset=us-ascii From: Doug Hardie In-Reply-To: <20120721182316.GA32530@insomnia.benzedrine.cx> Date: Sat, 21 Jul 2012 15:06:42 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <500826BD.3070602@interazioni.it> <9EB23F6C23A8B6488E8BCC92A48E83264BB4D26F80@PEMEXMBXVS04.jellyfishnet.co.uk.local> <500AB340.2040405@interazioni.it> <9EB23F6C23A8B6488E8BCC92A48E83264BB4D27241@PEMEXMBXVS04.jellyfishnet.co.uk.local> <500AC91F.9090907@interazioni.it> <20120721182316.GA32530@insomnia.benzedrine.cx> To: Daniel Hartmeier X-Mailer: Apple Mail (2.1278) X-Virus-Scanned: clamav-milter 0.97 at zoom.lafn.org X-Virus-Status: Clean Cc: Greg Hennessy , "freebsd-pf@freebsd.org" Subject: Re: Question on packet filter using in and out interfaces X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jul 2012 22:18:07 -0000 That is a very helpful diagram. There are two aspects that I don't see = directly addressed. 1. For packets ultimately delivered to processes on the system pf is = running on, I suspect they get to the Kernel Processing box and then are = directly delivered to the receiving process. The out phase is not used. 2. For packets redirected to addresses at 127.0.0.1, would they go = through the out phase and then back in the in phase and be delivered = during the Kernel Processing as above. On 21 July 2012, at 11:23, Daniel Hartmeier wrote: > On Sat, Jul 21, 2012 at 05:22:07PM +0200, Tonix (Antonio Nati) wrote: >=20 >> If you can provide a link to this PF diagram it would be very useful. >=20 > A copy is preserved on http://www.benzedrine.cx/pf_flow.png >=20 > Yes, there are two phases. >=20 > HTH, > Daniel > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >=20