On 14.10.20 04:37, tech-lists wrote:
>
> Hello,
>
> On Tue, Oct 13, 2020 at 08:26:23PM +0300, Oleksandr Kryvulia wrote:
>>>
>>> [snip]
>>> block all
>>> pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22
>>> pass in quick on $tap_if inet proto tcp from any to ($tap_if)
>>>
>>> th
Hello,
On Tue, Oct 13, 2020 at 08:26:23PM +0300, Oleksandr Kryvulia wrote:
[snip]
block all
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22
pass in quick on $tap_if inet proto tcp from any to ($tap_if)
thanks,
External traffic to your tap interface arrives through ix0.
On 12 Oct 2020, at 23:48, Andreas Longwitz wrote:
Hello,
now I can confirm (on FreeBSD 10 Stable) what you see on fb2 when your
program udp_client is running on fb1. pf creates a state for the first
packet only, for the other packets pf failes to create a state with
messages like
pf: stack key
On 13.10.20 19:07, tech-lists wrote:
> Hi,
>
> Is it possible to have a ruleset allowing unfiltered access to a tap
> interface, but filtered on the real interface it's bridged to?
>
> Let's say there are these:
>
> ext_if="ix0" # real external ip, on a /29 int_if="igb0" # internal ip
> 10.0.0.2/8
Hi,
Is it possible to have a ruleset allowing unfiltered access to a tap
interface, but filtered on the real interface it's bridged to?
Let's say there are these:
ext_if="ix0" # real external ip, on a /29
int_if="igb0" # internal ip 10.0.0.2/8
tap_if="tap0" # this services a vm on this machin
