--- ip_fw_private.h.orig	2017-07-06 22:56:37.107986503 +0300
+++ ip_fw_private.h	2017-10-04 08:24:29.724189000 +0300
@@ -82,6 +82,7 @@
  */
 struct ip_fw_args {
 	struct mbuf	*m;		/* the mbuf chain		*/
+	struct ifnet	*iif;		/* intermediate interface	*/
 	struct ifnet	*oif;		/* output interface		*/
 	struct sockaddr_in *next_hop;	/* forward address		*/
 	struct sockaddr_in6 *next_hop6; /* ipv6 forward address		*/


--- ip_fw_pfil.c.orig	2017-07-06 22:56:39.178985707 +0300
+++ ip_fw_pfil.c	2017-10-04 08:43:16.598927000 +0300
@@ -145,6 +145,7 @@
 	}
 
 	args.m = *m0;
+	args.iif = dir == DIR_IN && ifp != args.m->m_pkthdr.rcvif ? ifp : NULL;
 	args.oif = dir == DIR_OUT ? ifp : NULL;
 	args.inp = inp;
 
@@ -341,6 +342,7 @@
 	m_adj(m, ETHER_HDR_LEN);	/* strip ethernet header */
 
 	args.m = m;		/* the packet we are looking at		*/
+	args.iif = dir == PFIL_IN && ifp != m->m_pkthdr.rcvif ? ifp : NULL;
 	args.oif = dir == PFIL_OUT ? ifp: NULL;	/* destination, if any	*/
 	args.next_hop = NULL;	/* we do not support forward yet	*/
 	args.next_hop6 = NULL;	/* we do not support forward yet	*/


--- ip_fw2.c.orig	2017-07-06 22:56:39.180986274 +0300
+++ ip_fw2.c	2017-10-04 09:26:00.528889000 +0300
@@ -914,6 +914,8 @@
 #endif
 	int ucred_lookup = 0;
 
+	struct ifnet *iif = args->iif;
+
 	/*
 	 * oif | args->oif	If NULL, ipfw_chk has been called on the
 	 *	inbound path (ether_input, ip_input).
@@ -1384,7 +1386,7 @@
 
 			case O_VIA:
 				match = iface_match(oif ? oif :
-				    m->m_pkthdr.rcvif, (ipfw_insn_if *)cmd,
+				    iif ? iif : m->m_pkthdr.rcvif, (ipfw_insn_if *)cmd,
 				    chain, &tablearg);
 				break;