On Wed, Apr 09, 2025 at 06:02:09AM -0000, Michael van Elst wrote:
> And then we have a "fast forward" logic in the ethernet
> and ppp code when the kernel is compiled with the GATEWAY
> option and net.inet.ip.maxflows > 0. If I understand the
> code correctly, this will bypass the IP layer and IP filters
> for packets forwarded on a known IP flow.

I guess that breaks NAT for the "fast forward" flows then? The NPF documentation says the "fast forward" path isn't handled.

--chris