My jail is on an alias of lo0 (like 127.0.0.8/32). But because it resides on lo0, the jail does not show a loopback. This is a problem because I want to lock down the jail's inbound/outbound packets by port, but the jail-enabled processes need loopback to function (?). What are the alternative solutions to this problem? Maybe I could (from most preferable to least):
- a. Create a virtual loopback in the jail (I have no idea how, or even if it is possible).
- b. Specify static ports for services that need loopback, then allow those ports in pf.conf.
- c. Use a cloned interface instead of an alias for each jail (lo1, lo2, etc.).