Date: Sat, 21 Jul 2012 15:06:42 -0700 From: Doug Hardie <bc979@lafn.org> To: Daniel Hartmeier <daniel@benzedrine.cx> Cc: Greg Hennessy <Greg.Hennessy@nviz.net>, "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: Re: Question on packet filter using in and out interfaces Message-ID: <D6D4B584-0BF6-4996-A8B9-E8BB094A54D5@lafn.org> In-Reply-To: <20120721182316.GA32530@insomnia.benzedrine.cx> References: <500826BD.3070602@interazioni.it> <9EB23F6C23A8B6488E8BCC92A48E83264BB4D26F80@PEMEXMBXVS04.jellyfishnet.co.uk.local> <500AB340.2040405@interazioni.it> <9EB23F6C23A8B6488E8BCC92A48E83264BB4D27241@PEMEXMBXVS04.jellyfishnet.co.uk.local> <500AC91F.9090907@interazioni.it> <20120721182316.GA32530@insomnia.benzedrine.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
That is a very helpful diagram. There are two aspects that I don't see = directly addressed. 1. For packets ultimately delivered to processes on the system pf is = running on, I suspect they get to the Kernel Processing box and then are = directly delivered to the receiving process. The out phase is not used. 2. For packets redirected to addresses at 127.0.0.1, would they go = through the out phase and then back in the in phase and be delivered = during the Kernel Processing as above. On 21 July 2012, at 11:23, Daniel Hartmeier wrote: > On Sat, Jul 21, 2012 at 05:22:07PM +0200, Tonix (Antonio Nati) wrote: >=20 >> If you can provide a link to this PF diagram it would be very useful. >=20 > A copy is preserved on http://www.benzedrine.cx/pf_flow.png >=20 > Yes, there are two phases. >=20 > HTH, > Daniel > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >=20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D6D4B584-0BF6-4996-A8B9-E8BB094A54D5>