Date: Fri, 17 Jan 2014 17:25:52 +0000
From: Arthur Chance <freebsd@qeng-ho.org>
To: FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject: pf and virtual interfaces
Message-ID: <52D967A0.9040900@qeng-ho.org>

The manual page for pf.conf contains the following snippet:

     set skip on ⟨ifspec⟩
           List interfaces for which packets should not be filtered.
           Packets passing in or out on such interfaces are passed as if
           pf was disabled, i.e. pf does not process them in any way.
           This can be useful on loopback and other virtual interfaces,
           when packet filtering is not desired and can have unexpected
           effects.

Does anyone know what the "unexpected effects" mentioned in the last
sentence are? I ask because I'm currently working on a pf configuration
that would be heavily filtering connections on a cloned loopback
interface used to isolate service jails.