tech-lists(tech-li...@zyxst.net) on 2021.10.31 15:10:57 +0000:
> Hello misc@
>
> Generically, can OpenBSD [7.0] apply rules to *just* the ethernet
> interface, ignoring the bridge and tap interfaces? Can it do this
> natively or is a VLAN required as well? Or something else?
>
> I'm asking this here because I'm trying to do this with FreeBSD
> but their pf has diverged a lot from OpenBSD's, and what I thought
> would work does not. skip on $tap_ifs has unexpected results in that
> traffic still gets blocked on the guest.
>
> If OpenBSD's pf does work for my use case, then a way of solving my
> issue may be to have an OpenBSD guest in the FreeBSD host managing the
> pf for the host as bhyve has pci passthru. The other way would be to put
> a firewall box in front of the FreeBSD host.

Maybe you could describe a bit more what you are trying to do.