Hi!

> On 16.10.2024 at 16:19, Palle Girgensohn <gir...@freebsd.org> wrote:
> [...]
> but nothing happens, everything is passed directly into the jail:
> 
> nc -l 4444   (inside the jail)
> 
> and I can just telnet 1.2.3.4 4444

Try:

sysctl net.link.bridge.pfil_member=0
sysctl net.link.bridge.pfil_bridge=1

Although I do not know if this applies to netgraph or to if_bridge(4) only.

But obviously your rules are not applied to the bridge interface. The default
of the tunables above is the other way round - don't filter on bridge 
interfaces.

HTH,
Patrick
-- 
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Sophienstr. 187
76185 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
i...@punkt.de

AG Mannheim 108285
Managing Directors: Daniel Lienert, Fabian Stein
