Hello,
On Tue, Oct 13, 2020 at 08:26:23PM +0300, Oleksandr Kryvulia wrote:
[snip]
block all
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22
pass in quick on $tap_if inet proto tcp from any to ($tap_if)
thanks,
External traffic to your tap interface arrives through ix0.
Hi,
Is it possible to have a ruleset allowing unfiltered access to a tap
interface, but filtered on the real interface it's bridged to?
Let's say there are these:
ext_if="ix0" # real external ip, on a /29
int_if="igb0" # internal ip 10.0.0.2/8
tap_if="tap0" # this services a vm on this machine
Hello pf@
Is there a way of having PF protect the host yet allowing free traffic
to tap interfaces? These tap interfaces will all have real IPs and will
be brought up by bhyve guests. The ethernet interface and tap interfaces
are all members of bridge0.
Somehow, the host needs to also have a tap