Hello
I'm running several jails on lo0, some of them must have limited access to the Internet.
However, it looks like no rules intercept packets from them, neither on lo0, nor on ext_if
Even
block quick proto tcp from $jail_nginx to any port smtp
as the first rule doesn't seems to work.
OpenBSD's PF supports match ... nat-to, but not FreeBSD's.
What should I do to filter outbound traffic from jails on lo0?
Alex
I'm running several jails on lo0, some of them must have limited access to the Internet.
However, it looks like no rules intercept packets from them, neither on lo0, nor on ext_if
Even
block quick proto tcp from $jail_nginx to any port smtp
as the first rule doesn't seems to work.
OpenBSD's PF supports match ... nat-to, but not FreeBSD's.
What should I do to filter outbound traffic from jails on lo0?
Alex