I have a bridge veb0 to which is connected tap1, the interface of a virtual machine. On the bridge I have a rule for tap1: pass in on tap1 src 11:22:33:44:55:66 tag VM1
In the bridge I also have an interface vport0 with the IP address 1921.168.0.1 This virtual machine has the IP 192.168.0.2 When a packet comes out of the VM (i.e: curl) it gets tagged by the rule that I have on the veb bridge. I know the tag is working because I can drop packets with pf (pf.conf) if I add that rule: block in on tap1 tagged VM1 I have relayd listening on vport0 and in my relayd.conf I have this filter: pass path "/something.html" tagged VM1 It doesn't work. If I try to match only the path it works, only the IP it works, etc... but the tag doesn't match. Is it supposed to work ? Does the veb strips the tag ? thank you, Nick