Re: How to Force Packet Traversal Order (IPFW2 => PF)

From: Juraj Lutter <>
Date: Sat, 31 Jul 2021 13:10:47 UTC

> On 31 Jul 2021, at 10:17, Eugene Grosbein <> wrote:
>> IPFW and PF startup order definitions are in this files
>> Code:
>> /usr/src/sys/netpfil/ipfw/ip_fw2.c
>> /usr/src/sys/netpfil/pf/pf_ioctl.c
>> I have not sufficient skills to editing kernel level files
>> and tried instructions below but i couldn't changed that order.
>> I am stuck on this for weeks my mind gonna blow
>> Any help would be appreciated at this point..
> You need not to edit kernel sources. AFAIK it is possible to achieve what you need
> building custom kernel with ipfw included but pf not included to the kernel and loaded as module.

I wonder if some tweaking using pfilctl(8) would do the trick. I don’t have any pf+ipfw boxes.


Juraj Lutter