From: Juraj Lutter
Date: Sat, 31 Jul 2021 15:10:47 +0200
Subject: Re: How to Force Packet Traversal Order (IPFW2 => PF)
To: Eugene Grosbein
Cc: alfadev, "freebsd-ipfw@FreeBSD.org", "freebsd-hackers@FreeBSD.org", "freebsd-pf@FreeBSD.org"
List-Id: Technical discussion and general questions about packet filter (pf)
List-Archive: https://lists.freebsd.org/archives/freebsd-pf
Message-Id: <741DA620-C7E0-4B9B-BC0A-FE1020D80D4C@FreeBSD.org>
In-Reply-To: <21339cbe-59c6-5b07-bf8b-8e8612ba64da@grosbein.net>

> On 31 Jul 2021, at 10:17, Eugene Grosbein wrote:
>>
>> IPFW and PF startup order definitions are in these files
>>
>> Code:
>>
>> /usr/src/sys/netpfil/ipfw/ip_fw2.c
>> /usr/src/sys/netpfil/pf/pf_ioctl.c
>>
>> I have not sufficient skills to edit kernel level files
>> and tried instructions below but I couldn't change that order.
>>
>> I am stuck on this for weeks my mind gonna blow
>> Any help would be appreciated at this point..
>
> You need not to edit kernel sources. AFAIK it is possible to achieve what you need
> building custom kernel with ipfw included but pf not included to the kernel and loaded as module.
>

I wonder if some tweaking using pfilctl(8) would do the trick. I don’t have any pf+ipfw boxes.

otis
—
Juraj Lutter
otis@FreeBSD.org