routing table vs PF precendence

Question

I am wondering when a packet reaches an interface and I have some PF rules, which gets checked first, the routing table or the ruleset?

ext_if = "em0"  
int_if = "em1" 
localnet = $int_if:network
VPN_if = 172.16.0.110

nat log on $ext_if from any to any -> ($ext_if)
rdr pass log on $ext_if proto tcp from !($ext_if) to any port 1:65000\
        -> $VPN_if port 2500
pass log from { lo0, $localnet } to any keep state

score 5 · Accepted Answer · answered Jan 01 '14 at 17:10

5

In FreeBSD the firewalls (IPF, IPFW, and PF) sit between the Device Driver and the IP Stack.
Routing is part of the IP Stack.

answered Jan 01 '14 at 17:10

Chris S

78,455

routing table vs PF precendence

1 Answers1