Solved What is the PF's interface name when FreeBSD is on virtualbox?

[marcus123]

Hi all,

I am trying to use pf on FreeBSD 14.1, my testing FreeBSD is on VirtualBox as a guest, when I define the external interface in pf.conf, I am not sure what the interface name should be...

In my pf.conf, I have tried to use:

ext_if = "vtnet0"

block all
pass in on $ext_if proto tcp to port { 80 443 }

it should allow access to the web server, but it is blocked, if I remove the "on $ext_if" as below, it works:

ext_if = "vtnet0"

block all
pass in proto tcp to port { 80 443 }

so it seems the ext_if is incorrect, but what name should I put it?

Thanks.

 

[Emrion]

See it with the result of ifconfig.

 

[marcus123]

thanks, in the FreeBSD, ifconfig shows I have "em0", "lo0" and "pflog0", I have tried to use:

ext_if = "em0"

but it doesn't work too... FYI, the FreeBSD VM network setting is using "Bridged Adapter" on VirtualBox.

 

[SirDice]

What is the interface name when FreeBSD is on virtualbox?

It depends on how the interface was configured in the VM settings. I believe by default Virtualbox picks "Intel PRO/1000 MT Desktop" for a FreeBSD guest, which will be em(4). I usually set this to "Paravirtualized Network (virtio-net)" which then shows up as vtnet(4).

 

[Emrion]

FYI, I tested these rules in a 14.0-RELEASE VM in VirtualBox. The interface is em0, also with "bridged adapter". This just works as intended: all packets in & out are blocked except TCP 80 & 443 in.

 

[marcus123]

Thanks all, yes, em0 is correct. Finally I find that I've used an incorrect way to update the rules, I should use "pfctl -f pf.conf" instead of restarting the pf service, that's why the results keep confused me, sorry that I am a newbie.

 

[SirDice]

You can use service pf reload.

pf_reload()
{
        echo "Reloading pf rules."
        pf_resync
}

pf_resync()
{
        $pf_program -n -f "$pf_rules" $pf_flags || return 1
        $pf_program -f "$pf_rules" $pf_flags
}