Different filtering for bridges
-
Pfsense currently generates "pass all out on xxx" for all the bridgemembers and the user has to create the inbound rules. Wouldn't it be easier, even more logical to pass everything in/out on the interface near the servers, so that the user only has to create rules on the WAN interface? I assume this only makes sense when working with 2 bridgemembers, which is most used I think (??).
I'm curious what others think. My experience is limited to routing setups with checkpoint, so I'm new to bridges (although I built bridges in the army :))
-
-HEAD features bridge groups where you can assign rules to the bridges themselves. This will be in 2.0. But for 1.X we will keep the functionality the same as it is now.
-
Rapid spanning tree also in -HEAD?
see http://www.freebsd.org/news/status/report-june-2006-oct-2006.html#Bridge-Spanning-Tree-Protocol-Improvements
-
No GUI for the feature just yet but it is planned.
-
ok, thx for the answer.