pf bridge and tap interfaces (12-current)

tech-lists tech-lists at zyxst.net
Sat Apr 22 23:41:04 UTC 2017


Hello pf@

Is there a way of having PF protect the host yet allowing free traffic
to tap interfaces? These tap interfaces will all have real IPs and will
be brought up by bhyve guests. The ethernet interface and tap interfaces
are all members of bridge0.

Somehow, the host needs to also have a tap but I can't get my head
around it because it's a host and it needs to be therefore, I guess,
ethernet -> bridge -> tap and then pf on the tap and not the bridge or
ethernet. Can the host also have a tap? And then set the host interface
to be that tap. I can't see it working if PF is looking at ethernet. Is
this correct?

thanks,
-- 
J.

