diff --git a/tests/sys/netpfil/common/dummynet.sh b/tests/sys/netpfil/common/dummynet.sh
--- a/tests/sys/netpfil/common/dummynet.sh
+++ b/tests/sys/netpfil/common/dummynet.sh
@@ -25,6 +25,7 @@
 # SUCH DAMAGE.
 
 . $(atf_get_srcdir)/utils.subr
+. $(atf_get_srcdir)/../pf/utils.subr
 . $(atf_get_srcdir)/runner.subr
 
 interface_removal_head()
@@ -609,6 +610,99 @@
 }
 
 
+pre_post_routing_head()
+{
+	atf_set descr 'Check if dummynet is applied both pre- and post-routing'
+	atf_set require.user root
+}
+
+pre_post_routing_body()
+{
+	fw=$1
+	firewall_init $fw
+	dummynet_init $fw
+
+	setup_router_server_ipv6
+
+	jexec router dnctl pipe 11 config bw 1Mb/s
+	jexec router dnctl pipe 12 config bw 1Mb/s
+	jexec router dnctl pipe 21 config bw 1Mb/s
+	jexec router dnctl pipe 22 config bw 1Mb/s
+
+	pft_set_rules router \
+		"set state-policy if-bound" \
+		"block" \
+		"pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv }" \
+		"pass in  on ${epair_tester}b inet6 proto tcp dnpipe (11 12) keep state" \
+		"pass out on ${epair_server}a inet6 proto tcp dnpipe (21 22) keep state"
+
+	ping_server_check_reply exit:0 \
+		--ping-type=tcp3way \
+		--send-sport=4201
+
+	atf_check -s exit:0 -o inline:"3\n" -x \
+		"jexec router dnctl pipe show 11 | awk '/0.0.0.0/ {print \$5}'"
+	atf_check -s exit:0 -o inline:"2\n" -x \
+		"jexec router dnctl pipe show 12 | awk '/0.0.0.0/ {print \$5}'"
+	atf_check -s exit:0 -o inline:"3\n" -x \
+		"jexec router dnctl pipe show 21 | awk '/0.0.0.0/ {print \$5}'"
+	atf_check -s exit:0 -o inline:"2\n" -x \
+		"jexec router dnctl pipe show 22 | awk '/0.0.0.0/ {print \$5}'"
+}
+
+pre_post_routing_cleanup()
+{
+	firewall_cleanup $1
+}
+
+
+pre_post_routeto_head()
+{
+	atf_set descr 'Check if dummynet is applied both pre- and post-route-to'
+	atf_set require.user root
+}
+
+pre_post_routeto_body()
+{
+	fw=$1
+	firewall_init $fw
+	dummynet_init $fw
+
+	setup_router_server_ipv6
+
+	jexec router dnctl pipe 11 config bw 1Mb/s
+	jexec router dnctl pipe 12 config bw 1Mb/s
+	jexec router dnctl pipe 21 config bw 1Mb/s
+	jexec router dnctl pipe 22 config bw 1Mb/s
+
+	pft_set_rules router \
+		"set state-policy if-bound" \
+		"block" \
+		"pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv }" \
+		"pass in  on ${epair_tester}b route-to ( ${epair_server}a ${net_server_host_server}) inet6 proto tcp tag sometag dnpipe (11 12)" \
+		"pass out on ${epair_server}a inet6 proto tcp dnpipe (21 22) keep state"
+
+	atf_check -s exit:0 ${common_dir}/pft_ping.py \
+	    --sendif ${epair_tester}a \
+	    --to ${net_routeto_host_server} \
+	    --replyif ${epair_tester}a \
+	    --ping-type=tcp3way \
+	    --send-sport=4201
+
+	atf_check -s exit:0 -o inline:"3\n" -x \
+		"jexec router dnctl pipe show 11 | awk '/0.0.0.0/ {print \$5}'"
+	atf_check -s exit:0 -o inline:"2\n" -x \
+		"jexec router dnctl pipe show 12 | awk '/0.0.0.0/ {print \$5}'"
+	atf_check -s exit:0 -o inline:"3\n" -x \
+		"jexec router dnctl pipe show 21 | awk '/0.0.0.0/ {print \$5}'"
+	atf_check -s exit:0 -o inline:"2\n" -x \
+		"jexec router dnctl pipe show 22 | awk '/0.0.0.0/ {print \$5}'"
+}
+
+pre_post_routeto_cleanup()
+{
+	firewall_cleanup $1
+}
 
 setup_tests		\
 	interface_removal	\
@@ -638,4 +732,8 @@
 		pf	\
 	pls_gilbert	\
 		ipfw	\
+		pf	\
+	pre_post_routing	\
+		pf	\
+	pre_post_routeto	\
 		pf