Date: Sun, 23 Apr 2017 00:31:43 +0100 From: tech-lists <tech-lists@zyxst.net> To: freebsd-pf@freebsd.org Subject: pf bridge and tap interfaces (12-current) Message-ID: <49d42a13-ebcc-1df2-1d45-ce55b9ddb740@zyxst.net>
next in thread | raw e-mail | index | archive | help
Hello pf@ Is there a way of having PF protect the host yet allowing free traffic to tap interfaces? These tap interfaces will all have real IPs and will be brought up by bhyve guests. The ethernet interface and tap interfaces are all members of bridge0. Somehow, the host needs to also have a tap but I can't get my head around it because it's a host and it needs to be therefore, I guess, ethernet -> bridge -> tap and then pf on the tap and not the bridge or ethernet. Can the host also have a tap? And then set the host interface to be that tap. I can't see it working if PF is looking at ethernet. Is this correct? thanks, -- J.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49d42a13-ebcc-1df2-1d45-ce55b9ddb740>