On 20.12.2022 13:50, Markus Graf wrote:
I upgraded a host from 13.0 to 13.1

I can't have a physical interface as member of the jailbridge, because this leaks virtual mac addresses of epair interfaces to the outside world where my hoster looks unkindly on mac-addresses not belonging to the nic of my server. So I have vnet jails behind a common ifbridge. All jails have their default routes point to the bridge-interface of the host. The host works as a router.

Tags stopped working across vnet and bridge
-------------------------------------------

On a long running host that is still currently running 13.0 I have this line in a vnet jail with an epair interface acme_j:

    allow tag 128 tcp from me to any 80,443 via acme_j setup uid root keep-state

On the host I see the tags:

    # ipfw -a list 570
    00570 112 11276 count tagged 128

On the updated 13.1 machine the host does not see the tags, or I can't get the host to count them.

with epair0a being a member of the bridge.

If I fetch a file in the vnet jail containing epair0b the counters of em0 and bridge0 increment, but the counter of epair0a does not increment. Tcpdump -i epair0a does show the traffic though.

Hi,

probably this commit caused your problem
https://reviews.freebsd.org/D32663

--
WBR, Andrey V. Elsukov
