Netgate Discussion Forum

    Transparent Bridge Filter Confusion

    Problems Installing or Upgrading pfSense Software
      insideout

      I am new to pfSense, and I am trying to install and set up a transparent bridge on a Nokia IP130.  The install was without issue but I am confused with respect to transparent bridge filtering.  Some documents indicate filtering is to be done on the bridge interface and not the bridge member interfaces, and other documents/posts reference the default of filtering on the bridge member interfaces.  I have bridged the WAN and OPT interfaces, neither of which is to have an IP address.  The LAN interface is my management interface  - it has a static IP.

      Could someone please enlighten me with respect to the following:
      1.  Under what conditions/requirements would I filter on the bridge interface?
      2.  Under what conditions/requirements would I filter on the bridge member interfaces?

      Thanks,

        wallabybob

        @insideout:

        1.  Under what conditions/requirements would I filter on the bridge interface?
        2.  Under what conditions/requirements would I filter on the bridge member interfaces?

        1. You want the common filtering on all bridge members, for example, wired LAN and WiFi should both have full access to the other.
        2. You want different filtering on each member of the bridge interface, for example, in your configuration you might want to block pings arriving on "WAN" and pass pings arriving on OPTx.

          stephenw10 Netgate Administrator

          In a transparent bridge setup you would normally leave filtering on the member interfaces (the default position).
          This is because traffic will mostly flow across the bridge only and not from the bridge to a separate interface. However, as Wallabybob says, if you have further interfaces not included in the bridge you may want to enable filtering on the bridge interface to simplify the firewall rules.

          Steve

            insideout

            Thanks for the enlightenment!

            Then as I understand it, I set up rules on my OPTx and WLAN interfaces for traffic passing between these interfaces since I have bridged these interfaces.  However, since the LAN interface is my management interface I can set up filtering on the bridge interface for any traffic between the OPTx-WLAN bridge and the LAN interface?

              stephenw10 Netgate Administrator

              Yes, providing you have modified the appropriate sysctl to enable it.

              Steve
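
The thread does not name the sysctl; assuming it means the FreeBSD if_bridge(4) tunables net.link.bridge.pfil_member and net.link.bridge.pfil_bridge, the following added example (not part of the original posts) reads `sysctl` output and reports which filtering position is active, flagging a bridge with neither hook enabled. The function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify where a bridge hands packets to the packet filter,
# based on `sysctl net.link.bridge` output supplied on stdin.
# Assumption: tunable names are those documented in FreeBSD if_bridge(4).

# Prints: member-only | bridge-only | both | unfiltered | unknown
bridge_filter_mode() {
    member=""
    bridge=""
    while IFS= read -r line; do
        case "$line" in
            net.link.bridge.pfil_member:*) member=${line##*: } ;;
            net.link.bridge.pfil_bridge:*) bridge=${line##*: } ;;
        esac
    done
    case "$member/$bridge" in
        1/0) echo "member-only" ;;  # rules on the member interface tabs apply
        0/1) echo "bridge-only" ;;  # rules on the bridge interface tab apply
        1/1) echo "both" ;;         # traffic is evaluated at both positions
        0/0) echo "unfiltered" ;;   # neither hook enabled: review before use
        *)   echo "unknown" ;;      # a value is missing or not 0/1
    esac
}

# Exit status 0 only when at least one filtering hook is enabled.
bridge_filter_ok() {
    case "$(bridge_filter_mode)" in
        member-only|bridge-only|both) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: member filtering on, the position the thread calls the default.
SAMPLE_MEMBER='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'

# Constructed sample: both hooks switched off.
SAMPLE_NONE='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 0'

printf '%s\n' "$SAMPLE_MEMBER" | bridge_filter_mode
printf '%s\n' "$SAMPLE_NONE" | bridge_filter_mode
```

On the firewall itself the same check would be run as `sysctl net.link.bridge | bridge_filter_mode`.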
