# PF and Jails Question



## piercedwater (Jun 16, 2022)

So, I am in search of an explanation as to why the following rule works for my FreeBSD 13.1-RELEASE machine with several jails. I have the jails set up on their own loopback interface (lo1) as well as internal IPs on re0.

```
lo0:
...
    inet 127.0.0.1 netmask 0xff000000
...

lo1:
...
    inet 127.0.1.2 netmask 0xffffffff
    inet 127.0.1.6 netmask 0xffffffff
    inet 127.0.1.4 netmask 0xffffffff
    inet 127.0.1.5 netmask 0xffffffff
...

re0:
...
    inet 192.168.254.134 netmask 0xffffff00 broadcast 192.168.254.255
    inet 192.168.254.41 netmask 0xffffffff broadcast 192.168.254.41
    inet 192.168.254.45 netmask 0xffffffff broadcast 192.168.254.45
    inet 192.168.254.43 netmask 0xffffffff broadcast 192.168.254.43
    inet 192.168.254.44 netmask 0xffffffff broadcast 192.168.254.44
...
```

Here is the PF rule which allowed me to access all jails, from 192.168.254.134, which is on the same machine as the jails:

```
pass in on lo from re0 to any
```
I have also been able to replace "any" in the above rule with the /etc/hosts name of each jail and it works. I am happy, but I am also very curious as to why this works?


----------



## SirDice (Jun 16, 2022)

lo includes lo0 and lo1.


----------
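An added illustration, not part of any post in this thread: a pf.conf fragment that spells out what the posted rule matches and shows a narrower form. The addresses are the ones from the question; the table name `<jails_lo>` and the assumption that the jails are reached on their lo1 addresses are made up for the example.

```pf
# Added example, not from the thread. The three pass rules are alternatives
# shown side by side; a real ruleset would keep only one of them.

# Assumed table holding the jail addresses listed on lo1 in the question.
table <jails_lo> const { 127.0.1.2, 127.0.1.4, 127.0.1.5, 127.0.1.6 }

# 1. As posted. "lo" has no unit number, so PF treats it as an interface
#    group: the rule matches packets arriving on any loopback interface,
#    which on this machine means lo0 and lo1. "re0" in the address position
#    stands for every address configured on re0, so the jail aliases
#    (192.168.254.41 and so on) are allowed as sources too, not only
#    192.168.254.134.
pass in on lo from re0 to any

# 2. The same interfaces written out. The list names exactly these two
#    interfaces instead of relying on group membership.
pass in on { lo0 lo1 } from re0 to any

# 3. Narrower on source and destination: only the host's primary address
#    as source, only the jail loopback addresses as destination.
pass in on lo from 192.168.254.134 to <jails_lo>
```

`ifconfig lo1` lists the groups an interface belongs to on its `groups:` line, and `pfctl -nvf /etc/pf.conf` parses a ruleset and prints the rules as PF reads them without loading it.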



## piercedwater (Jun 16, 2022)

Easy enough, thanks.


----------

