Date: Tue, 31 Mar 2020 11:20:36 +0200
From: peter.blok@bsd4all.org
To: freebsd-net <freebsd-net@freebsd.org>
Subject: pf firewall on bridge member
Message-ID: <AF349C37-C963-434B-90AE-A99D34688BDD@bsd4all.org>
I have difficulty filtering one member of a bridge using pf firewall.

net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0

Two segments are bridged, segment 'home' and segment 'safe'. The idea for segment 'safe' is to only allow access to the outside world with certain rules, but NO access to segment 'home'. Hosts on segment 'home' are allowed to initiate a connection to hosts on segment 'safe'.

When I do an ifconfig safe down, the connection from a host on 'home' to safe is severed, so there is no alternative way to get there. But any rule on the interface corresponding with zone 'safe' does not work.

Both members are vlan interfaces. I have tried to disable any hardware vlan capabilities, but no effect.

I'm running recent 12-STABLE.

I need to have both segments on the same IP segment. If someone has other ideas to do it differently

Peter
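The policy described in the message, written out as a pf.conf fragment for the two bridge members. This is an added example, not the poster's configuration; it assumes the member interfaces are named home and safe (the post runs "ifconfig safe down"), a constructed shared network 192.0.2.0/24, and constructed addresses for the hosts on the 'home' side.

```pf
# Sysctls as stated in the post (set in /etc/sysctl.conf): pf sees frames
# on the member interfaces, not on the bridge interface itself
#   net.link.bridge.pfil_member=1
#   net.link.bridge.pfil_bridge=0

# Assumed member interface names (the post refers to "ifconfig safe down")
home_if = "home"
safe_if = "safe"

# Constructed: both segments sit in this one IP network, so the policy is
# expressed per interface and per host address, not per subnet
lan_net = "192.0.2.0/24"
table <home_hosts> const { 192.0.2.10, 192.0.2.11 }

set skip on lo0

# Default deny with logging, so every dropped frame shows up on pflog0
block log all

# 'safe' must never initiate towards 'home' hosts; logged separately so that
# such attempts are easy to spot with tcpdump -n -e -ttt -i pflog0
block in log quick on $safe_if from any to <home_hosts>

# 'safe' may only reach destinations outside the shared network; narrow the
# protocol/port list to whatever the "certain rules" for that segment are
pass in quick on $safe_if inet proto { tcp udp icmp } \
    from $lan_net to ! $lan_net keep state

# 'home' hosts may initiate towards 'safe'; the state created on the
# inbound side also matches when the frame leaves through $safe_if and
# when the replies come back (states are floating by default)
pass in quick on $home_if inet from <home_hosts> to $lan_net keep state

# Frames that already matched a state, or originate on this host, may leave
pass out quick keep state
```

Check the loaded rules with pfctl -sr and the resulting states with pfctl -ss; the per-rule counters from pfctl -vsr show whether frames on the member interfaces actually hit the rules at all.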