[Bug 272094] pfilctl IPFW hook order not works with PF route-to
Date: Tue, 20 Jun 2023 14:18:54 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272094
Bug ID: 272094
Summary: pfilctl IPFW hook order not works with PF route-to
Product: Base System
Version: 13.2-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: burak.sn@outlook.com
CC: glebius@FreeBSD.org, ipfw@FreeBSD.org, kp@freebsd.org,
pf@FreeBSD.org
Hi, I have created a simple captive portal using IPFW on my FreeBSD 13.2 RELEASE
machine.
I am currently using both IPFW and PF at the same time. But some will say this
is a bad idea. I used IPFW for captive portal, bandwidth mgmt and any other
Layer 2 filtering purposes and PF for general firewalling process like block,
NAT, route-to.
#212331: this bug references the same error, but based on FreeBSD 10.3.
My problem:
When I applied both the captive portal and PBR rule on igb1, IPFW fwd cannot
redirect unauthenticated users to the portal page. I think the packets that first
hit PF route-to are sent directly to the output interface, so that traffic does
not hit IPFW. So I tried to use the newly implemented "pfilctl" tool to change
the PF, IPFW hook order, and I tried every combination but with no luck. I am
awaiting your kind responses.
// FreeBSD's Default PF first in hook order
# pfilctl heads
Intercept point Type
inet6 IPv6
In pf default-in6
In ipfw default6
Out ipfw default6
Out pf default-out6
inet IPv4
In pf default-in
In ipfw default
Out ipfw default
Out pf default-out
ethernet Ethernet
In ipfw default-link
Out ipfw default-link
// My IPFW first in settings
pfilctl unlink -ia ipfw:default inet
pfilctl unlink -oa ipfw:default inet
pfilctl unlink -ia pf:default-in inet
pfilctl unlink -oa pf:default-out inet
// I tried every combination on linking
pfilctl link -ia ipfw:default inet
pfilctl link -ia pf:default-in inet
pfilctl link -oa pf:default-out inet
pfilctl link -oa ipfw:default inet
Intercept point Type
inet6 IPv6
In pf default-in6
In ipfw default6
Out ipfw default6
Out pf default-out6
inet IPv4
In ipfw default
In pf default-in
Out ipfw default
Out pf default-out
ethernet Ethernet
In ipfw default-link
Out ipfw default-link
// ROUTE-TO RULE
pass in log quick on { igb1 } route-to { ( igb0 192.168.30.1 ) } inet from { any } to { any }
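Added example, not part of the original report: a small sh/awk check that reads `pfilctl heads` output in the layout quoted above and reports which module is called first on a given head and direction, so the intended IPFW/PF order can be asserted after relinking. The function names `sample_heads`, `hook_order` and `check_first` are hypothetical, and the sample listing is constructed from the report's second listing. The check only confirms link order and says nothing about how route-to handles the packet.

```sh
#!/bin/sh
# Added example: report the order in which filter modules are linked to a
# pfil head, given `pfilctl heads` text in the layout quoted in the report.

# Constructed sample: the listing from the report after relinking.
sample_heads() {
cat <<'EOF'
Intercept point Type
inet6 IPv6
In pf default-in6
In ipfw default6
Out ipfw default6
Out pf default-out6
inet IPv4
In ipfw default
In pf default-in
Out ipfw default
Out pf default-out
ethernet Ethernet
In ipfw default-link
Out ipfw default-link
EOF
}

# hook_order HEAD DIR: read the listing on stdin and print the modules linked
# to HEAD in direction DIR (In or Out), in call order, space separated.
hook_order() {
    awk -v head="$1" -v dir="$2" '
        { gsub(/:/, " ") }             # also accept the module:ruleset spelling
        $1 == "Intercept" { next }     # column header line
        $1 != "In" && $1 != "Out" && NF >= 2 { cur = $1; next }  # head line
        cur == head && $1 == dir { out = out (out ? " " : "") $2 }
        END { print out }
    '
}

# check_first HEAD DIR MODULE: succeed only if MODULE is the first hook called.
check_first() {
    order=$(hook_order "$1" "$2")
    [ "${order%% *}" = "$3" ]
}

# Assumption: on a live FreeBSD host, replace sample_heads with `pfilctl heads`.
sample_heads | hook_order inet In
```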