> On 16 Oct 2024, at 18:17, Patrick M. Hausen <hau...@punkt.de> wrote:
> 
> Hi!
> 
>> On 16 Oct 2024, at 16:19, Palle Girgensohn <gir...@freebsd.org> wrote:
>> [...]
>> but nothing happens, everything is passed directly into the jail:
>> 
>> nc -l 4444   (inside the jail)
>> 
>> and I can just telnet 1.2.3.4 4444
> 
> Try:
> 
> sysctl net.link.bridge.pfil_member=0
> sysctl net.link.bridge.pfil_bridge=1
> 
> Although I do not know if this applies to netgraph or to if_bridge(4) only.
> 
> But obviously your rules are not applied to the bridge interface. The default
> of the tunables above is the other way round - don't filter on bridge 
> interfaces.
> 
> HTH,
> Patrick

Hello Patrick,

Thanks for the reply. It seems that these MIBs are related to if_bridge, not 
ng_bridge? I didn't have them at first, but after kldload if_bridge they 
appeared. They make no difference, though, so perhaps they do not relate to 
netgraph bridges?

Any idea what tunables would do the job?

Thanks,

Palle

