Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Net.inet.ip.pfil.* pf ipfw order

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dhatz
      last edited by

      I understand pfsense has improved stock FreeBSD by adding a feature that allows one to specify the order in which packets are seen by its two packet filters (pf & ipfw)

      sysctl net.inet.ip.pfil

      net.inet.ip.pfil.inbound=pf, ipfw*
      net.inet.ip.pfil.outbound=pf, ipfw*

      However in those for IPv6 (net.inet6.ip6.pfil.*) pf & ipfw appear in different order and there is no asterisk.

      Could someone please provide more info about this feature?

      1 Reply Last reply Reply Quote 0
      • D
        dhatz
        last edited by

        What is the path that an IP packet takes through the two pfsense packet filters (pf & ipfw) ?

        I noticed the ifconfig IPFW_FILTER flag gets added on an interface when CP is enabled on it.

        TIA.

        1 Reply Last reply Reply Quote 0
        • E
          eri--
          last edited by

          That puts the order on which pfil(9) consumers 'taste' packets.

          It was developed first for overcoming some issues but now its not used at all as you can see from the * in ipfw its not a pfil(9) consumer as used in pfSense.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.