bhyve and firewall / bridge filtering

From: Tomek CEDRO <tomek_at_cedro.info>
Date: Sat, 15 Apr 2023 23:20:22 UTC
Hello world :-)

I think that the Handbook could be updated with small but important
information on how best to unfilter networking on a bhyve host where a
firewall is in place.

This is not that obvious at first, and the simplest idea to test is to
disable the host firewall. That helps but also leaves the host machine
vulnerable. I have found a solution on the FreeBSD Forums [1] and
proposed a "vm" man page update [2].

If anyone experienced could verify if this is the best solution,
please let me know; this could also be added to the Handbook :-)

Thanks :-)
Tomek

===
If a host that runs a virtual machine has an active firewall then bridge
filtering needs to be disabled by adding the following lines to
loader.conf(5) or sysctl.conf(5):

net.link.bridge.ipfw=0
net.link.bridge.pfil_bridge=0
net.link.bridge.pfil_member=0

You can also disable bridge packet filtering at runtime with sysctl(8):

# sysctl net.link.bridge.ipfw=0
# sysctl net.link.bridge.pfil_bridge=0
# sysctl net.link.bridge.pfil_member=0
===

[1] https://forums.freebsd.org/threads/bhyve-and-firewall-on-host.75089/
[2] https://github.com/churchers/vm-bhyve/pull/510

-- 
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
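As an added example (not part of the mail above or of vm-bhyve), here is a POSIX sh check that reads sysctl(8) output in its "name: value" form and reports which of the three bridge filtering knobs from the proposal are still non-zero on the host. The input below is constructed sample output so the script runs anywhere; on a real FreeBSD host you would pipe `sysctl net.link.bridge` into it. The function name and variable names are my own.

```shell
#!/bin/sh
# Added example, not from the original mail or the vm-bhyve project:
# verify that the bridge filtering knobs are actually off after editing
# sysctl.conf(5) / loader.conf(5) or running sysctl(8) by hand.

# The three knobs the proposal sets to 0.
BRIDGE_FILTER_KNOBS="net.link.bridge.ipfw net.link.bridge.pfil_bridge net.link.bridge.pfil_member"

# bridge_filter_leftovers: read "name: value" lines (the format printed by
# `sysctl net.link.bridge` on FreeBSD) on stdin and print, one per line, the
# names of the filtering knobs whose value is not 0.  Prints nothing and
# returns 0 when all three are off; returns 1 when any is still enabled.
bridge_filter_leftovers() {
    leftovers=""
    while IFS= read -r line; do
        name=${line%%:*}        # text before the first colon
        value=${line#*: }       # text after "colon space"
        for knob in $BRIDGE_FILTER_KNOBS; do
            if [ "$name" = "$knob" ] && [ "$value" != "0" ]; then
                leftovers="$leftovers $name"
            fi
        done
    done
    for n in $leftovers; do
        printf '%s\n' "$n"
    done
    [ -z "$leftovers" ]
}

# Constructed sample of what a host with default if_bridge settings prints:
# only the ipfw hook is off, the pfil hooks still filter bridged frames.
SAMPLE_SYSCTL_OUTPUT='net.link.bridge.ipfw: 0
net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_member: 1
net.link.bridge.pfil_onlyip: 1'

# Demonstration on the constructed sample; the real check would be
#   sysctl net.link.bridge | bridge_filter_leftovers
printf '%s\n' "$SAMPLE_SYSCTL_OUTPUT" | bridge_filter_leftovers || :
```

Each name the check prints is a knob that still needs a matching `name=0` line in sysctl.conf(5) (or a `sysctl name=0` at runtime); an empty result with exit status 0 means the host matches the proposed configuration.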