Date:      Tue, 31 Mar 2020 11:20:36 +0200
From:      peter.blok@bsd4all.org
To:        freebsd-net <freebsd-net@freebsd.org>
Subject:   pf firewall on bridge member
Message-ID:  <AF349C37-C963-434B-90AE-A99D34688BDD@bsd4all.org>


I have difficulty filtering one member of a bridge using the pf firewall.

net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0

Two segments are bridged, segment 'home' and segment 'safe'. The idea for segment 'safe' is to only allow access to the outside world with certain rules, but NO access to segment 'home'.

Hosts on segment 'home' are allowed to initiate a connection to hosts on segment 'safe'.

When I do an ifconfig safe down, the connection from a host on 'home' to safe is severed, so there is no alternative way to get there.

But any rule on the interface corresponding with zone 'safe' does not work.

Both members are vlan interfaces. I have tried to disable any hardware vlan capabilities, but no effect.

I'm running a recent 12-STABLE.

I need to have both segments on the same IP segment. If someone has other ideas to do it differently.

Peter
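For readers following this thread, here is a pf.conf sketch of the policy the message describes, written as an added example and not taken from the poster's configuration. It assumes the two sysctl values quoted above (filtering on the member interfaces, not on the bridge itself), and the interface names, the subnet 192.0.2.0/24 and the host addresses in the <home_hosts> table are placeholders. Because both segments sit in one IP subnet, the split cannot be expressed as a network rule; it has to be a table of the 'home' hosts.

```pf
# Added example, not the poster's ruleset. Interface names, subnet and
# host addresses are placeholders for illustration only.
#
# Assumed sysctl settings, as quoted in the message:
#   net.link.bridge.pfil_member=1   # filter in/out on each member interface
#   net.link.bridge.pfil_bridge=0   # do not filter on the bridge interface
#
# Member interfaces are vlan(4) devices (placeholder names).
home_if = "vlan10"
safe_if = "vlan20"

# Both segments share one subnet (placeholder), so rules select the
# 'home' side by host address rather than by network.
lan_net = "192.0.2.0/24"
table <home_hosts> { 192.0.2.10, 192.0.2.11, 192.0.2.12 }

set skip on lo0

# Default deny for anything crossing the 'safe' member, logged for review.
block log on $safe_if

# 'safe' must never reach 'home'. 'quick' ends evaluation here so no
# later pass rule can override it.
block in quick log on $safe_if inet from $lan_net to <home_hosts>

# 'safe' hosts may reach everything that is not a 'home' host, but only
# for the listed services (web and DNS here as an example policy).
pass in on $safe_if inet proto tcp from $lan_net to ! <home_hosts> port { 80, 443 } keep state
pass in on $safe_if inet proto udp from $lan_net to ! <home_hosts> port 53 keep state

# 'home' may initiate connections to 'safe'. The state entry is created
# as the packet leaves the bridge through the 'safe' member, so replies
# arriving in on $safe_if match that state and never hit the block rules.
pass out on $safe_if inet from <home_hosts> to $lan_net keep state

# With pfil_member=1 the 'home' member is filtered as well; this example
# leaves it open and relies on the 'safe' rules for the segment split.
pass on $home_if keep state
```

Syntax-check a candidate file with `pfctl -nf /etc/pf.conf` before loading it, and watch `tcpdump -n -e -ttt -i pflog0` while a 'safe' host tries to reach a 'home' address to confirm the logged block rule is the one matching.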