I have a strange issue which I really can't nail down (I've been trying for months): setting up a honeypot within a jail.
I can't filter the traffic coming from the jail to the host running the jails. Outgoing traffic to any other physical host on the internal networks works nicely, but once I try to prevent traffic from the jail to the host it fails miserably.
The funny thing is that running tcpdump -i vnet0:3 shows the traffic, but pf doesn't block it.
block quick on vnet0:3 proto tcp from $jail_ip to any
There is one way I can do it: actually block the traffic on the physical interface as an 'in' rule, but this seems clumsy.
The rule blocks fine if I try to access the internet/internal network, but fails if I try to access the host.
An additional problem I have is writing the rules: the device is composed of vnet0:<jail id> and the id keeps changing. How can I fix this other than by scripting it?
Thank you for your help (or even for reading this).
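Added example (not from the original post): one way to keep the changing jid out of pf.conf is to put the host side of each jail's epair into a pf interface group and write the rules against the group. The subnet, host address and group name below are constructed; it assumes the group is assigned with ifconfig once the epair exists (for example from a jail.conf exec hook).

```pf
# Added example, not the poster's configuration.
# Assumes each jail's host-side epair was added to the group "jailnet", e.g.:
#   ifconfig vnet0:3 group jailnet
# pf matches on the group name, so the jid never has to appear in this file.

jail_net = "10.0.0.0/24"   # constructed: subnet used by the jails
host_ip  = "10.0.0.1"      # constructed: address of the host on that subnet

# Packets a jail sends come out of the host side of its epair, so from pf's
# point of view they are "in" on that interface, not "out".
block in log quick on jailnet proto tcp from $jail_net to $host_ip
pass  in     quick on jailnet from $jail_net to ! $host_ip
```

If the host side is a member of an if_bridge, the net.link.bridge.pfil_member and net.link.bridge.pfil_bridge sysctls decide whether pf sees the packet on the member interface, on the bridge interface, or both; tcpdump reads from bpf and will show the traffic either way, so check those values before concluding the rule itself is wrong.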