Re: rp_filter equivalent?

From: Mason Loring Bliss <mason_at_blisses.org>
Date: Mon, 30 Jun 2025 02:22:31 UTC

On Sun, Jun 29, 2025 at 09:48:58PM -0400, Paul Procacci wrote:

> The "fix" to your problem ......
> You need to create a bridge.
> Add your main interface to the bridge.
> You can assign your .10 to the bridge.
> Then, you can create your epair.
> Assign the a side to the bridge and the b side to your jail.
> Add your .50 to the 'b' side, and add the default route of .1.

Hrm, hrm. That's what I was doing first. I was basing it off what I use
here:

    https://wiki.freebsd.org/MasonLoringBliss/JailsEpair

In fact... I... am pretty sure I did exactly what you're suggesting, but
the system told me I couldn't set a default route in the jail because it
wasn't a legal address.

So: NIC, epair0a in bridge0; epair0b in vnet jail. If epair0b had the
correct (floating) address I couldn't set the default route, because the
default route was in an unrelated /24. I had to set epair0a to something in
the same /24 for me to get a default route set for epair0b, and I had to
break epair0a out of the bridge.

I'll mess with it again sometime soon because I feel like it really ought
to have worked the way I set it up first. I'll report back here with more
details. It's working now, but I really don't like *how* it's working.

-- 
Mason Loring Bliss  ((   If I have not seen as far as others, it is because
 mason@blisses.org   ))   giants were standing on my shoulders. - Hal Abelson