On Sun, Oct 15, 2023 at 10:46:57AM -0700, Paul Vixie wrote:
You don't need L2 for this. The firewall pattern when your bare metal
host has an address in the vlan you use for guests is:
Allow the specific things you want the bare metal host to do;
Deny all else involving the bare metal host;
Allow all else involving the guest subnet.
p vixie
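
The three-step pattern above, written out as ipfw rules since ipfw is the firewall the original question mentions. This is an added example, not part of the thread or anyone's posted ruleset; the host address, guest subnet, and the ssh/DNS allowances are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the thread. All addresses and ports below are
# constructed placeholders (192.0.2.0/24 is a documentation range).
HOST_IP="192.0.2.10"       # assumed: bare metal host's address in the guest vlan
GUEST_NET="192.0.2.0/24"   # assumed: guest subnet, which contains HOST_IP
HOST_IN_TCP="22"           # assumed: inbound services the host offers (ssh)
HOST_OUT_UDP="53"          # assumed: outbound lookups the host makes (DNS)

# Print the ruleset in evaluation order. ipfw is first-match, and HOST_IP
# sits inside GUEST_NET, so the host rules must be numbered below the
# subnet-wide allow or the final rules would admit traffic to the host too.
host_guest_rules() {
    n=1000
    emit() { echo "ipfw -q add $n $*"; n=$((n + 10)); }

    # Replies belonging to flows admitted by a keep-state rule below.
    emit check-state

    # 1. Allow the specific things the bare metal host does.
    for p in $HOST_IN_TCP; do
        emit allow tcp from any to "$HOST_IP" "$p" setup keep-state
    done
    for p in $HOST_OUT_UDP; do
        emit allow udp from "$HOST_IP" to any "$p" keep-state
    done

    # 2. Deny all else involving the bare metal host.
    emit deny ip from any to "$HOST_IP"
    emit deny ip from "$HOST_IP" to any

    # 3. Allow all else involving the guest subnet; each guest's own pf
    #    then applies that guest's policy.
    emit allow ip from any to "$GUEST_NET"
    emit allow ip from "$GUEST_NET" to any
}

# Review the output of host_guest_rules before loading it, e.g. by piping
# it to sh on the bhyve host.
```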
Hello,
My objective is to protect services on a bhyve host, while allowing traffic
to the bhyve guests to pass to them unprocessed, as these each have pf and
their own firewall policies. The host is running an up-to-date 13-stable.
I know ipfw can process both layer 2 and layer 3 traffic, but