Suggestion: Two Improvements to pfSense
-
1) In the GUI where the anti-lockout rule is located, you should be able to apply that safety feature to more than just the default LAN. Allow it on all LANs and Bridges.
2) In the terminal where you're setting up your ports, you should be able to set up more than one LAN port. If you do choose to set up more than one LAN port, the setup will set it up as a bridge. If you set up only one LAN port, the setup will set up the LAN port the way it does now.
You may also want to consider setting up the LAN as a bridge by default. If you have only one LAN port, then the bridge will only have a LAN connection on it. This will make it an order of magnitude faster to add LAN ports after the fact.
-
You may also want to consider setting up the LAN as a bridge by default. If you have only one LAN port, then the bridge will only have a LAN connection on it. This will make it an order of magnitude faster to add LAN ports after the fact.
Bridge in pfSense is discouraged, as it is software-based and lacks performance in comparison to a switch. So making this a default is quite stupid.
-
You may also want to consider setting up the LAN as a bridge by default. If you have only one LAN port, then the bridge will only have a LAN connection on it. This will make it an order of magnitude faster to add LAN ports after the fact.
Bridge in pfSense is discouraged, as it is software-based and lacks performance in comparison to a switch. So making this a default is quite stupid.
There has to be some way for pfSense to have the same performance as a switch when the equipment it is installed on has multiple Ethernet ports.
-
You may also want to consider setting up the LAN as a bridge by default. If you have only one LAN port, then the bridge will only have a LAN connection on it. This will make it an order of magnitude faster to add LAN ports after the fact.
Bridge in pfSense is discouraged, as it is software-based and lacks performance in comparison to a switch. So making this a default is quite stupid.
There has to be some way for pfSense to have the same performance as a switch when the equipment it is installed on has multiple Ethernet ports.
No.
You're comparing apples with oranges.
One is a general purpose PC.
The other is an ASIC.
-
The apple that tastes like an orange https://store.netgate.com/SG-3100.aspx ? (it has a switch on board)
-
1) In the GUI where the anti-lockout rule is located, you should be able to apply that safety feature to more than just the default LAN. Allow it on all LANs and Bridges.
You only have one LAN, other interfaces are called OPTx for a reason but can be renamed to your liking.
Ruleset to those interfaces varies on usage which means that applying an anti-lockout rule to your firewall on a DMZ interface is … nonsense at least.
You can copy these rules yourself to other interfaces if needed.
Configuring a bridge is nothing you want to do in a software router regularly. Get rid of that idea quickly!
Each packet has to travel from the incoming interface through the software stack down to the kernel and back up to the outgoing interface again. This is not the equivalent to a switch, never was, never will be.
Having understood that, your 2) is irrelevant.
You may also want to consider setting up the LAN as a bridge by default.
Maybe suggestions like these should only be made if you understand the mechanics behind it…
This will make it an order of magnitude faster to…
…have a borked configuration.
-
pfSense was never designed to be a replacement for a proper switch so don't expect it to perform like one.