Order of ipf, ipnat and bpf

To: tech-net%netbsd.org@localhost
Subject: Order of ipf, ipnat and bpf
From: Edgar Fuß <ef%math.uni-bonn.de@localhost>
Date: Thu, 19 May 2022 11:01:38 +0200

I'm alway confused in which order an incoming (or outgoing) packet is 
processed by ipf, ipnat and bpf.
What I observed is:
-- for a packet processed by an ipnat rdr rule, you, in an ipf rule, 
   need to use the re-written port number
-- tcpdump doesn't notice packets blocked by ipf
-- for a packet processed by an ipnat rdr rule, tcpdump displays the
   original port number.
I can't put the three in an order that explains what I observe.
Does a packet transformed by a rdr rule internally carry both port numbers?

Follow-Ups:
- Re: Order of ipf, ipnat and bpf
  - From: Pierre-Philipp Braun

Prev by Date: Re: TCP RST sent on incoming UDP packet
Next by Date: Re: TCP RST sent on incoming UDP packet
Previous by Thread: TCP RST sent on incoming UDP packet
Next by Thread: Re: Order of ipf, ipnat and bpf
Indexes:

Home | Main Index | Thread Index | Old Index