On Sat, Jun 25, 2016 at 4:05 PM, <org.freebsd.secur...@io7m.com> wrote: > Hello! > > On 2016-06-25T23:46:36 +0200 > Marko Zec <z...@fer.hr> wrote: >> >> if_bridge(4) works only with ethernet interfaces, and lo(4) isn't such a >> thing. > > Has this always been the case? I'm almost certain that I set up jails > with extra loopback devices that communicated over bridges back in the > FreeBSD 6 days. > >> Assuming you are using vnet jails, take a look at if_epair(4): assign >> one endpoint to the bridge, and the another one to the jail. > > I'm not using vnet jails. I'm actually just trying to get filtering of > outbound traffic (see the other mail I sent to this list a few seconds > before you responded).
Based on my experience, I highly recommend vnet jails if you want outbound filtering. It's much simpler than trying to filter outbound traffic from shared-IP jails. > >> If you're not using vnet jails, you should simply add an alias address >> to em0. > > Could you explain a little more here? > > M > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org" _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
