Okay, and the divert (4) man page says that outbound packets, after being reinjected, "are processed directly by the relevant IP/IPv6 output function," so I probably can't get pf to take another look at them so that "route-to" will apply.
If I were feeling brave and wanted to mess with this in the kernel, should I try to get the packet's routing changed after processing? Or would it be less insane for me to try to play with the routing before the divert? On Sun, Oct 3, 2010 at 6:52 AM, Michele Marchetto <myde...@openbeer.it> wrote: > Il giorno ven, 01/10/2010 alle 18.15 -0400, Daniel Browning-Weber ha > scritto: >> Is the use of both "route-to" and "divert-packet" in the same PF rule >> supported? > > divert-packet should be currently used alone. It sends the packet up to > userspace and any other options are lost.
