From owner-freebsd-questions@freebsd.org Thu Jan 19 16:41:19 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8EF2DCB8389 for ; Thu, 19 Jan 2017 16:41:19 +0000 (UTC) (envelope-from tech-lists@zyxst.net) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 63EF21E3F for ; Thu, 19 Jan 2017 16:41:19 +0000 (UTC) (envelope-from tech-lists@zyxst.net) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 2598C20668 for ; Thu, 19 Jan 2017 11:41:18 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Thu, 19 Jan 2017 11:41:18 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=zyxst.net; h= content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=t9Z04PHqhmW4O6R mVERJndW3ows=; b=n/4mDQ53GtzRcOL1naUKhlmYdfsnGdwZP6snXAHsXNMM4MU QMndFl73RqC1d6bKyevTtUoML0upeSftDzJpidW1tdGZXM3TDWQ1Zc/4UHsA8v3w j2k2HJD3Ucg3grb1o1nUT1sXIdAXR19Q2p88gZF8vKt/AuEeAOrvY1aSQt0k= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s= smtpout; bh=t9Z04PHqhmW4O6RmVERJndW3ows=; b=TQR4o4pOAS27ybj+PoHS E+bqZd/Ga6zefwD7QrMQ1oeZm18U6Mwe7qdt/pKrCb2dcAUA/11U7oXNScZae6ua 8n3t4mLCDc3fCJ6J1K6f+y5l1XB/5eohqkBhO7TxNMdKXmf74Z5ZIO4x1JswP/I9 /EMi+DBK9um4SS5A7+Tva6g= X-ME-Sender: X-Sasl-enc: OSVp9ZuLD3Z4ANwz+mE1kvNf0iLqLgcvYVOjKqmc1FJ3 1484844077 Received: from pumpkin.growveg.org (pumpkin.growveg.org [82.70.91.101]) by mail.messagingengine.com (Postfix) with ESMTPA id BC3017E808 for ; Thu, 19 Jan 2017 11:41:17 -0500 (EST) Subject: Re: PF firewall on BHyve host - impact on guests To: freebsd-questions@freebsd.org References: From: tech-lists Message-ID: Date: Thu, 19 Jan 2017 16:40:41 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jan 2017 16:41:19 -0000 On 19/01/2017 15:43, James B. Byrne via freebsd-questions wrote: > We are running a BHyve host with multiple guests. My question is do > PF settings on the host impact network traffic sent to/from the > guests? In my experience, yes. I run a freebsd bhyve host with 9 guests, mixture of freebsd and ubuntu. Each of the guests has a functioning firewall and they are not all set up the same. This is the most straightforward setup for me as I can tailor each guest its required firewall functionality independently. -- J.