pf firewall on bridge member

peter.blok at bsd4all.org peter.blok at bsd4all.org
Tue Mar 31 09:38:46 UTC 2020


I have difficulty filtering one member of a bridge using pf firewall

net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0

Two segments are bridged, segment 'home' and segment 'safe'. The idea for segment 'safe' is to only allow access to the outside world with certain rules, but NO access to segment 'home'.

Hosts on segment 'home' are allowed to initiate a connection to hosts on segment 'safe'.

When I do an ifconfig safe down, the connection from a host on 'home' to 'safe' is severed, so there is no alternative way to get there.

But any rule on the interface corresponding with zone 'safe' does not work.

Both members are vlan interfaces. I have tried to disable any hardware vlan capabilities, but no effect.

I'm running a recent 12-STABLE.

I need to have both segments on the same IP segment. If someone has other ideas to do it differently

Peter
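The policy described in the post (pf filtering on one bridge member, 'safe' allowed out but not into 'home', 'home' allowed to initiate into 'safe', both on one IP subnet) expressed as a pf.conf rule set. This is an added example, not Peter's configuration nor anything from the thread; the interface names vlan10/vlan20, the bridge name bridge0 and the subnet 192.168.1.0/24 are assumptions, and it presumes the two sysctl values shown in the post (pfil_member=1, pfil_bridge=0), so pf runs on the member interfaces and not on bridge0. It does not claim to resolve why rules on the member had no effect on 12-STABLE; the `log` on the default-deny rule is there precisely so that pflog0 shows whether pf is seeing the member's frames at all.

```pf
# Added example (not from the original post). Assumed layout:
#   bridge0 members: vlan10 = segment 'home', vlan20 = segment 'safe'
#   both segments share 192.168.1.0/24; anything else is "outside"
# Assumed sysctls (as in the post): net.link.bridge.pfil_member=1,
# net.link.bridge.pfil_bridge=0. With the default pfil_onlyip=1 only
# IP packets hit pf on the members; ARP is bridged unfiltered, which
# the shared-subnet design needs.
home = "vlan10"
safe = "vlan20"
lan  = "192.168.1.0/24"

set skip on lo0
# Floating states (the default, made explicit): a state created by a
# packet seen inbound on $home also matches that same packet going out
# on $safe and the reply coming back in on $safe.
set state-policy floating

# Default deny on the 'safe' member in both directions. Logged so that
# "tcpdump -nei pflog0" shows whether pf sees bridged frames on vlan20
# at all; an empty pflog with traffic flowing means the member is not
# being filtered, which is the symptom described in the post.
block log on $safe all

# safe -> outside only: web and DNS, stateful. A destination inside the
# shared subnet never matches "! $lan", so 'safe' hosts cannot open
# connections to 'home' hosts (or to this box's own address on bridge0).
pass in on $safe inet proto tcp from $lan to ! $lan port { 80 443 } keep state
pass in on $safe inet proto udp from $lan to ! $lan port 53 keep state

# home -> safe: 'home' hosts may initiate to anything on the subnet.
# The floating state admits the same packet when it leaves on $safe and
# the replies when they arrive on $safe, which the block above would
# otherwise drop. No rules constrain $home; pf's default is pass.
pass in on $home inet from $lan to $lan keep state
```

Check the rule set with `pfctl -nf /etc/pf.conf` before loading it, and use `pfctl -ss` after a 'home' host connects into 'safe' to confirm that the single floating state is what carries the traffic across both members. If the 'safe' member is bridged but nothing ever appears in `pfctl -si` interface counters or on pflog0 for vlan20, the rules are fine and the problem is upstream of pf, in whether bridge(4) is handing that member's frames to pfil.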



