Thanks Uwe Werler!
I have not yet established the chain described in the first message, but that
is due to lack of time; I haven't tried.
Firefox runs as firefox user.
I actually have MitM on relayd *using divert* with this pf magic:
cat /etc/pf_kop.conf
ext_if="bge0"
int_if="lo0"
set state-policy floating
pass out quick log on $ext_if inet proto tcp to any port 443 user firefox route-to lo0
pass in quick log on lo0 inet proto tcp to any port 443 divert-to 127.0.0.1 port 8443
pass in
pass out
Thanks for all, especially Uwe Werler!
I am going to try to make the chain described in the first message in a day or two.