Re: How to Force Packet Traversal Order (IPFW2 => PF)

From: Eugene Grosbein <eugen_at_grosbein.net>
Date: Sat, 31 Jul 2021 08:17:16 UTC

30.07.2021 18:40, alfadev via freebsd-ipfw wrote:

> Hi,
> I have to use both IPFW and PF at the same time on my FreeBSD 12.2 gateway.
> 
> According to my observations, the firewalls follow this order in all of my scenarios: PF => IPFW2. I see this exactly when I use PF's route-to option. When I create a load-balancing rule using PF's route-to, packets do not enter IPFW. So when I set up PBR, IPFW rules like MAC-based piping, bandwidth, captive portal etc. do not work.
> So I am trying to get this order:
> input => ipfw => pf
> 
> but I think I cannot change this order without touching the kernel level.
> When I did some research I found [this](https://www.opennet.ru/tips/info/1431.shtml).
> 
> IPFW and PF startup order definitions are in these files:
> 
> Code:
> 
> /usr/src/sys/netpfil/ipfw/ip_fw2.c
> /usr/src/sys/netpfil/pf/pf_ioctl.c
> 
> I do not have sufficient skills to edit kernel-level files
> and tried the instructions below but I couldn't change that order.
> 
> I have been stuck on this for weeks, my mind is going to blow.
> Any help would be appreciated at this point.

You do not need to edit kernel sources. AFAIK it is possible to achieve what you need by
building a custom kernel with ipfw included in the kernel, and pf not included but loaded as a module.