Date: Sat, 25 Jun 2016 18:13:18 -0600
From: Alan Somers <asomers@freebsd.org>
To: org.freebsd.security@io7m.com
Cc: Marko Zec <zec@fer.hr>, FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: ifconfig: BRDGADD lo1: invalid argument
Message-ID: <CAOtMX2hv_ePxVwrzYaXBjcO=uCez4V50OGFGCrzjCV87az9RLw@mail.gmail.com>
In-Reply-To: <20160625220551.646eccb6@copperhead.int.arc7.info>
References: <20160625164240.7cea7587@copperhead.int.arc7.info> <20160625234636.2f086908@x23> <20160625220551.646eccb6@copperhead.int.arc7.info>

On Sat, Jun 25, 2016 at 4:05 PM, <org.freebsd.security@io7m.com> wrote:
> Hello!
>
> On 2016-06-25T23:46:36 +0200
> Marko Zec <zec@fer.hr> wrote:
>>
>> if_bridge(4) works only with ethernet interfaces, and lo(4) isn't such a
>> thing.
>
> Has this always been the case? I'm almost certain that I set up jails
> with extra loopback devices that communicated over bridges back in the
> FreeBSD 6 days.
>
>> Assuming you are using vnet jails, take a look at if_epair(4): assign
>> one endpoint to the bridge, and the other one to the jail.
>
> I'm not using vnet jails. I'm actually just trying to get filtering of
> outbound traffic (see the other mail I sent to this list a few seconds
> before you responded).

Based on my experience, I highly recommend vnet jails if you want outbound
filtering. It's much simpler than trying to filter outbound traffic from
shared-IP jails.

>
>> If you're not using vnet jails, you should simply add an alias address
>> to em0.
>
> Could you explain a little more here?
>
> M