On 2023-06-07, Nick Bouliane <nicb...@gmail.com> wrote: > I have a bridge veb0 to which is connected tap1, the interface of a virtual > machine. > On the bridge I have a rule for tap1: > pass in on tap1 src 11:22:33:44:55:66 tag VM1 > > In the bridge I also have an interface vport0 with the IP address > 1921.168.0.1 > This virtual machine has the IP 192.168.0.2 > > When a packet comes out of the VM (i.e: curl) it gets tagged by the rule > that I have on the veb bridge. > I know the tag is working because I can drop packets with pf (pf.conf) if I > add that rule: > block in on tap1 tagged VM1 > > I have relayd listening on vport0 and in my relayd.conf I have this filter: > pass path "/something.html" tagged VM1
Those "rule tags" are specific to relayd and are not connected with the PF tags at all. The only place relayd interacts with PF tags is if you use "pftag" in a relayd redirection. -- Please keep replies on the mailing list.
