I have a bridge veb0 to which is connected tap1, the interface of a virtual
machine.
On the bridge I have a rule for tap1:
pass in on tap1 src 11:22:33:44:55:66 tag VM1
In the bridge I also have an interface vport0 with the IP address
192.168.0.1.
This virtual machine has the IP 192.168.0.2.
When a packet comes out of the VM (i.e. curl) it gets tagged by the rule
that I have on the veb bridge.
I know the tag is working because I can drop packets with pf (pf.conf) if I
add that rule:
block in on tap1 tagged VM1
I have relayd listening on vport0 and in my relayd.conf I have this filter:
pass path "/something.html" tagged VM1
It doesn't work. If I try to match only the path it works, only the IP it
works, etc... but the tag doesn't match.
Is it supposed to work? Does the veb strip the tag?
Thank you,
Nick