Hi Stuart,
Thank you so much for pointing it to me. I have to re-read manual pages
before asking questions here :)
On 2019-12-07 16:32, Stuart Henderson wrote:
On 2019-12-07, Atanas Vladimirov <[email protected]> wrote:
Bridge0 is my primary lan network where the VMs are connected and the
only interface that is configured with dhclient is em0 which is not
part
of any bridge.
The dhclient caveat doesn't apply to you then.
Yes, I was almost sure that the dhclient should not affect my setup.
If you change to a standard "pass" rule that will evaluate the
interface
group at runtime rather than load time, which is what you want here.
Things can get complicated with PF and bridges, but I think something
like
"pass quick on tap flags any no state" near the start of your rules
will
probably do what you want.
Thanks, now it works as I wanted.
Best regards,
Atanas
