From: Arthur Chance
Date: Fri, 17 Jan 2014 17:25:52 +0000
To: FreeBSD-Questions
Subject: pf and virtual interfaces
Message-ID: <52D967A0.9040900@qeng-ho.org>

The manual page for pf.conf contains the following snippet

    set skip on ⟨ifspec⟩
        List interfaces for which packets should not be filtered.
        Packets passing in or out on such interfaces are passed as if pf
        was disabled, i.e. pf does not process them in any way. This can
        be useful on loopback and other virtual interfaces, when packet
        filtering is not desired and can have unexpected effects.

Does anyone know what the "unexpected effects" mentioned in the last sentence are?
I ask because I'm currently working on a pf configuration that would be heavily filtering connections on a cloned loopback interface used to isolate service jails.
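For readers who want to see the two halves of the setup side by side, here is an added pf.conf fragment illustrating the arrangement the post describes. It is not the poster's configuration and nothing on the page confirms its details: it assumes lo0 is the system loopback, that a cloned loopback lo1 (hypothetical, created with cloned_interfaces="lo1" in rc.conf) carries the jail addresses, and that the jail network, jail addresses and service port are the constructed values shown.

```pf
# Added example, not the poster's ruleset. All addresses below are constructed.
jail_if  = "lo1"          # hypothetical cloned loopback carrying the jails
jail_net = "10.0.1.0/24"  # constructed jail network on lo1
web_jail = "10.0.1.10"    # constructed address of a web service jail
db_jail  = "10.0.1.20"    # constructed address of a database jail

# The real loopback is left unfiltered, as the pf.conf manual suggests.
set skip on lo0

# The cloned loopback is filtered: default deny, logged to pflog0.
block log on $jail_if all

# Permit only the one inter-jail flow that is actually needed:
# the web jail connecting to the database jail's service port (constructed: 5432).
pass on $jail_if inet proto tcp from $web_jail to $db_jail port 5432 \
    flags S/SA keep state

# Permit the host itself to reach the jails for administration (constructed: ssh).
pass on $jail_if inet proto tcp from 127.0.0.1 to $jail_net port 22 \
    flags S/SA keep state
```

Before loading, `pfctl -nf /etc/pf.conf` parses the file without applying it, and after loading `pfctl -v -s Interfaces` lists each interface and marks the ones covered by `set skip`, which is the quickest way to confirm that lo0 is skipped while lo1 is still being filtered. Keeping `block log` as the default on the cloned loopback means any inter-jail traffic that was not explicitly allowed shows up in `tcpdump -n -e -ttt -i pflog0` rather than silently succeeding.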