From owner-freebsd-net@freebsd.org  Sun Jun 26 00:13:19 2016
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A6B48A79472
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Sun, 26 Jun 2016 00:13:19 +0000 (UTC)
 (envelope-from asomers@gmail.com)
Received: from mail-oi0-x22d.google.com (mail-oi0-x22d.google.com
 [IPv6:2607:f8b0:4003:c06::22d])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 6D5681EE7
 for <freebsd-net@freebsd.org>; Sun, 26 Jun 2016 00:13:19 +0000 (UTC)
 (envelope-from asomers@gmail.com)
Received: by mail-oi0-x22d.google.com with SMTP id s66so159996881oif.1
 for <freebsd-net@freebsd.org>; Sat, 25 Jun 2016 17:13:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:in-reply-to:references:from:date:message-id
 :subject:to:cc;
 bh=TPNCsbSyjkLs68lPl0noUN0XrM7O0cLNoBVB83lJczI=;
 b=AcOjw1ThIpg3oG+OE6OxH+p1aHyBi3tmgWChuS7I4zwKV6XcdaD8jMC7gEUYTTtFHb
 fy6phM3IUWyAlSssminw4fQ/piF5vSTpn5MSjJtevPzSKi2uiHQiKPVVliNC52BT2UXO
 pnUXNrU7QEalTXl9MNwnAA+9yvuYZMfAcwpoqmcQ91KrNZiXKP0D5D5O5rpLzeXYUdQ2
 OqX1GhRl9K3dw7TAFrpQbySVGPhF130lz3hm6QHOkTHF9GoJpRyoDlVz7obyu1rXGxT7
 OQuou7l5roXYt2HSvmDqSGVzMiOa5Jn2FCYtJWId2MxFcDI7B+J0d4WNt9iJcNKNkpiq
 s0Kg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
 :date:message-id:subject:to:cc;
 bh=TPNCsbSyjkLs68lPl0noUN0XrM7O0cLNoBVB83lJczI=;
 b=ZEhjRHZSRHDpv03Auey08xYUdU6aVRfjc1sFjFN6Zl5LUblXpDTJY2dd4LcZfBLcHk
 3OpW987nwiHD+ra1p+507A/1EMmtPLgw7Mh/yoxh+mmAPrFv2wYkiEDH4Xnq3LPHjCk6
 zfSmrgy/9oZoBitHMfM8rrBHIvXzvsrr6q3ZK0nPSjhHMzL3zOPy8uS7hgTmzpkCdNnT
 tCFiTR9kHw95K/PGmIS1Ew+GPiK4s3Eknnt8O7J3vHxgIN9ZegsOPIwimjd8Oz+YogTK
 95FktopEgZHcedfFJPo+wuoa0xrOK6SHi+gv0b8Q86FrzKK4Wy1W0J5qaMYV8cqFWXnW
 fE6Q==
X-Gm-Message-State: ALyK8tIIXIZAJn2hln4A6GtK8Ps8tBv4pdWWqqXf0El0ZY/yA88VsCjy+lZ3DCYNJ6uvc+k2ZVMv19bq4hzDNA==
X-Received: by 10.202.224.136 with SMTP id x130mr7419406oig.105.1466899998606; 
 Sat, 25 Jun 2016 17:13:18 -0700 (PDT)
MIME-Version: 1.0
Sender: asomers@gmail.com
Received: by 10.202.168.149 with HTTP; Sat, 25 Jun 2016 17:13:18 -0700 (PDT)
In-Reply-To: <20160625220551.646eccb6@copperhead.int.arc7.info>
References: <20160625164240.7cea7587@copperhead.int.arc7.info>
 <20160625234636.2f086908@x23>
 <20160625220551.646eccb6@copperhead.int.arc7.info>
From: Alan Somers <asomers@freebsd.org>
Date: Sat, 25 Jun 2016 18:13:18 -0600
X-Google-Sender-Auth: viZTBTYtLaxBEZ9WUcQhBxbrqz4
Message-ID: <CAOtMX2hv_ePxVwrzYaXBjcO=uCez4V50OGFGCrzjCV87az9RLw@mail.gmail.com>
Subject: Re: ifconfig: BRDGADD lo1: invalid argument
To: org.freebsd.security@io7m.com
Cc: Marko Zec <zec@fer.hr>, FreeBSD Net <freebsd-net@freebsd.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Jun 2016 00:13:19 -0000

On Sat, Jun 25, 2016 at 4:05 PM,  <org.freebsd.security@io7m.com> wrote:
> Hello!
>
> On 2016-06-25T23:46:36 +0200
> Marko Zec <zec@fer.hr> wrote:
>>
>> if_bridge(4) works only with ethernet interfaces, and lo(4) isn't such a
>> thing.
>
> Has this always been the case? I'm almost certain that I set up jails
> with extra loopback devices that communicated over bridges back in the
> FreeBSD 6 days.
>
>> Assuming you are using vnet jails, take a look at if_epair(4): assign
>> one endpoint to the bridge, and the another one to the jail.
>
> I'm not using vnet jails. I'm actually just trying to get filtering of
> outbound traffic (see the other mail I sent to this list a few seconds
> before you responded).

Based on my experience, I highly recommend vnet jails if you want
outbound filtering.  It's much simpler than trying to filter outbound
traffic from shared-IP jails.

>
>> If you're not using vnet jails, you should simply add an alias address
>> to em0.
>
> Could you explain a little more here?
>
> M
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"