From owner-freebsd-net@freebsd.org  Wed May  4 15:59:25 2016
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EA40DB2B21B
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Wed,  4 May 2016 15:59:25 +0000 (UTC) (envelope-from sd@beastie.io)
Received: from beastie.io (beastie.io [104.236.166.19])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "beastie.io", Issuer "StartCom Class 1 DV Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id D92AD1763;
 Wed,  4 May 2016 15:59:25 +0000 (UTC) (envelope-from sd@beastie.io)
Received: from beastie.io (localhost [127.0.0.1])
 by beastie.io (OpenSMTPD) with ESMTPS id 062c4538
 TLS version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO; 
 Wed, 4 May 2016 15:59:17 +0000 (UTC)
Received: (from sd@localhost)
 by beastie.io (8.15.2/8.15.2/Submit) id u44FxGK1019198;
 Wed, 4 May 2016 15:59:16 GMT (envelope-from sd@beastie.io)
Date: Wed, 4 May 2016 15:59:15 +0000
From: Shawn Debnath <sd@beastie.io>
To: Alan Somers <asomers@freebsd.org>
Cc: Kristof Provost <kristof@sigsegv.be>, FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: How to use pf with vimage jails?
Message-ID: <20160504155915.GD4796@beastie.io>
References: <CAOtMX2jtxjUxiOv_LqO8Gg5AhXrSBb+WatCktx7y03w=st=w3w@mail.gmail.com>
 <67045371-07B8-4718-8A8B-98E3FBFF994E@sigsegv.be>
 <CAOtMX2hLhLGPU+6qb9ROd1P3vvazb_k3K6p0Q5A5a-znVzJQcg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAOtMX2hLhLGPU+6qb9ROd1P3vvazb_k3K6p0Q5A5a-znVzJQcg@mail.gmail.com>
User-Agent: Mutt/1.6.0 (2016-04-01)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2016 15:59:26 -0000

On 05/04, Alan Somers wrote:
> Then maybe it's the bridged aspect that's screwing me up.  Is there a guide
> for using pf on bridged interfaces?  All I can find is this guide for ipfw.

I ran into a similar issue recently  and decided to write up an article on
my site that documents how to set up jails with VNET/VIMAGE using a bridge
on the host. This might help you:

  http://shawndebnath.com/articles/2016/03/27/freebsd-jails-with-vlan-howto.html

If you see any errors, do let me know and I will get those fixed up.

Thanks,
Shawn