Hello misc@

Generically, can OpenBSD [7.0] apply rules to *just* the ethernet interface, ignoring the bridge and tap interfaces? Can it do this natively or is a VLAN required as well? Or something else?

I'm asking this here because I'm trying to do this with FreeBSD but their pf has diverged a lot from OpenBSD's, and what I thought would work does not. skip on $tap_ifs has unexpected results in that traffic still gets blocked on the guest.

If OpenBSD's pf does work for my use case, then a way to solve my issue may be to have an OpenBSD guest in the FreeBSD host managing the pf for the host, as bhyve has PCI passthru. The other way would be to put a firewall box in front of the FreeBSD host.

thanks,
--
J.