How to Force Packet Traversal Order (IPFW2 => PF)

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: alfadev via freebsd-ipfw <freebsd-ipfw_at_FreeBSD.org>
Date: Fri, 30 Jul 2021 11:40:03 UTC

Hi,
I have to use both IPFW and PF sametime in my freebsd 12.2 gateway

According to my observations firewalls are following this order all of my scenarios PF => IPFW2. I see this exactly When i use PF's route-to option . When i create Load-Balancing rule using PF's route-to, packets not entering into IPFW. So when i made PBR, IPFW rules like mac based piping, bandwidth, captive portal etc. does not works.
So that
i am trying to do this order:
input => ipfw => pf

but i think i cannot change this order without touching kernel level .
when i made some research i found [this](https://www.opennet.ru/tips/info/1431.shtml) https://www.opennet.ru/tips/info/1431.shtml

IPFW and PF startup order definitions are in this files

Code:

/usr/src/sys/netpfil/ipfw/ip_fw2.c
/usr/src/sys/netpfil/pf/pf_ioctl.c

I have not sufficient skills to editing kernel level files
and tried instructions below but i couldn't changed that order.

I am stuck on this for weeks my mind gonna blow
Any help would be appreciated at this point..