Using a custom kernel built with
seems to prevent rdr rules that have an explicit pass keyword specified from functioning as intended. i.e.
rdr pass log on $int_if inet proto tcp to port 4242 -> 127.0.0.1 port 4242
This rule should redirect and pass tcp traffic arriving on the internal interface and destined for port 4242 to 127.0.0.1 port 4242. The log shows that the rule is matched and applied, but the traffic never makes it to its intended destination. Using a kernel built without the option PF_DEFAULT_TO_DROP, the rule works as intended and passes the traffic through.
I think I see what's going on there.
PF_DEFAULT_TO_DROP sets V_pf_default_rule.action = PF_DROP;
A 'rdr pass' sets the 'natpass' flag on a rule (I think, not 100% sure), which causes us to do:
r = NULL;
That's intended to just select the default rule, which usually passes traffic. With 'PF_DEFAULT_TO_DROP' that doesn't work as expected.
Note that I'm not picking this bug up right now. It's on my todo list with many dozens of others. I make no promises about when I'll come back to this.
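The following pf.conf fragment is an added illustration of the interaction described in this thread; it is not configuration from the report or from the FreeBSD project. It assumes the kernel was built with "options PF_DEFAULT_TO_DROP" and that $int_if (here set to a made-up interface name) is the internal interface from the reporter's rule. The first, commented-out rule is the reporter's; the two rules after it show the usual way to keep the redirect working without relying on the default rule.

```pf
# Added example, not from the bug report. Assumes a kernel built with
# "options PF_DEFAULT_TO_DROP"; the interface name below is made up.
int_if = "em1"

# As described in the thread: 'rdr pass' makes pf skip the filter ruleset for
# the redirected packet and fall through to the default rule. With
# PF_DEFAULT_TO_DROP that default rule blocks, so the connection never
# reaches 127.0.0.1 port 4242 even though the rdr rule logs a match.
# rdr pass log on $int_if inet proto tcp to port 4242 -> 127.0.0.1 port 4242

# Workaround: redirect without 'pass' so the filter ruleset is evaluated,
# then pass the traffic explicitly. Filter rules see the translated
# destination, so the pass rule matches 127.0.0.1 and the default rule is
# never consulted for this flow.
rdr log on $int_if inet proto tcp to port 4242 -> 127.0.0.1 port 4242
pass in quick log on $int_if inet proto tcp from any to 127.0.0.1 port 4242
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and confirm the split with `pfctl -sn` (translation rules) and `pfctl -sr` (filter rules): the redirect should appear in the first listing and the explicit pass in the second, so the outcome no longer depends on what the default rule does.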