question regarding ipfw on -current
Date: Sat, 22 Mar 2025 17:22:43 UTC
Hi,

(this is on a recent -current amd64)

I'd like to run ipfw on a bhyve host in order to protect services on that host. I'm a novice wrt ipfw.

The bhyve hosts use tap interfaces for the guests. I don't want traffic going via those interfaces processed *at all* because the bhyve guests have their own (pf) firewalls.

I can't do this with pf because pf is a layer3-only firewall, and this I think requires layer2 capability.

Would this be sufficient in an ipfw ruleset to allow traffic to pass?

    $cmd add allow all from any to any via tap0

Or do I need to refer to each interface differently, like via its MAC address?

--