I don't do hotplugging to pfSense. I've created separate Fedora based netvms with bridges named LAN and DMZ and connected pfSense to those at start. Then other VMs can use those netvms and connect either to a bridge or do the usual Qubes routing. Physycal NIC's can be added to tjose vms and bridges. In case of routing one needs to masquerade selectively on the bridge interface (qubes does masquerading on all interfaces except lo and vif+ by default). In case of bridging, vm's config file has to invoke vif-bridge script, provide source bridge name and vm's ip address. Then the script will do the rest. qvm-start --custom-config=...
This may be not optimal as bridges consume cpu cycles and irq processing. On the other hand Qubes currently doesn't support HVM netvms so until v4.0 that's the only solution I see. I'll keep playing with it but I suspect virtualised pfSense is not a good idea for real life use. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4e3f85fe-53ef-405d-8497-19caa5b144d1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.