From owner-freebsd-pf@freebsd.org  Sun Aug  7 15:23:53 2016
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 778CEBB07E1;
 Sun,  7 Aug 2016 15:23:53 +0000 (UTC)
 (envelope-from stdin@niklaas.eu)
Received: from mx.box-hlm-01.niklaas.eu (mx.box-hlm-01.niklaas.eu
 [IPv6:2a02:2770:15:0:21a:4aff:fe1b:d1ad])
 by mx1.freebsd.org (Postfix) with ESMTP id 48F2919E2;
 Sun,  7 Aug 2016 15:23:53 +0000 (UTC)
 (envelope-from stdin@niklaas.eu)
Received: from len-t420.klaas (unknown
 [IPv6:2a02:908:d722:7b00:224:d7ff:feec:38e0])
 by mx.box-hlm-01.niklaas.eu (Postfix) with ESMTPSA id 6622F2C35B3;
 Sun,  7 Aug 2016 17:23:51 +0200 (CEST)
Date: Sun, 7 Aug 2016 17:23:47 +0200
From: Niklaas Baudet von Gersdorff <stdin@niklaas.eu>
To: freebsd-pf@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: Firewalling jails and lo0
Message-ID: <20160807152347.GA9178@len-t420.klaas>
Reply-To: stdin@niklaas.eu
Mail-Followup-To: freebsd-pf@freebsd.org, freebsd-questions@freebsd.org
References: <20160806155411.GA5289@len-t420.klaas>
 <3C1C4822-17C2-42D9-A9BE-C3549B9B6F25@lists.zabbadoz.net>
 <20160807082651.GA87754@box-hlm-03.niklaas.eu>
 <57A743A8.10005@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <57A743A8.10005@gmail.com>
User-Agent: Mutt/1.6.0 (2016-04-01)
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Aug 2016 15:23:53 -0000

Ernie Luzar [2016-08-07 10:20 -0400] :

> I believe the loopback interface lo1 needs 127.0.0.0/8 ip address to enable
> loopback functionally, and the ip address has to be a different sub-net. IE
> 127.0.10.1 for lo1 while the hosts lo0 uses 127.0.0.1

Aha. So once I assigned those traffic from/to jails should go
through lo1 solely?

    Niklaas