uname -a: FreeBSD freebsd11_master.kvm 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r285616: Thu Jul 16 02:21:59 UTC 2015 root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 +----------+ +-----------+ +----------+ | | em0| |em1 | | | host1 +--------+ FreeBSD +--------+ host2 | | | | | | | +----------+ +-----------+ +----------+ |em2 | | v I have FreeBSD machine which forwards packets between host1 and host2. This machine has also an additional interface (em2) which act as span interface - all traffic between host1 and host2 is copied into it. To achieve this scenario I can set bridge with em0 and em1 as members and em2 as span interface. But I would like to get same result using pf instead. So I tried to use this rules: pass out on em0 dup-to em2 no state pass out on em1 dup-to em2 no state But it doesn't work. No packets appear on interface em2. I've checked same configuration on OpenBSD (version 5.7) and everything worked well.
FreeBSD 11.0 is no longer supported. If this problem can be reproduced on 12.0 or 11.2 please re-open this bug, ideally with a reproduction script.