LAN Bridge not responding to DHCP and not passing traffic
I'm attempting to follow https://www.netgate.com/docs/pfsense/book/bridging/bridging-and-interfaces.html#quick-but-tricky-reassign-the-bridge-as-lan to create a LAN Bridge. This results in any hosts connected to the member interfaces not being able to get a DHCP address or, if a static address was configured, they are unable to ping the LAN IP. I've clicked all of the Apply Settings buttons and rebooted for good measure.
Here is the config diff from a clean install; it includes a rule for allowing access to the web UI from the WAN interface.
--- /conf/backup/config-1535334901.xml 2018-08-27 01:57:03.541335000 +0000 +++ /conf/config.xml 2018-08-27 02:07:10.781911000 +0000 @@ -55,22 +55,37 @@ <wan> <enable></enable> <if>em0</if> - <mtu></mtu> - <ipaddr>dhcp</ipaddr> - <ipaddrv6>dhcp6</ipaddrv6> - <subnet></subnet> - <gateway></gateway> - <blockpriv></blockpriv> <blockbogons></blockbogons> + <descr><![CDATA[WAN]]></descr> + <ipaddr>dhcp</ipaddr> <dhcphostname></dhcphostname> - <media></media> - <mediaopt></mediaopt> + <alias-address></alias-address> + <alias-subnet>32</alias-subnet> + <dhcprejectfrom></dhcprejectfrom> + <adv_dhcp_pt_timeout></adv_dhcp_pt_timeout> + <adv_dhcp_pt_retry></adv_dhcp_pt_retry> + <adv_dhcp_pt_select_timeout></adv_dhcp_pt_select_timeout> + <adv_dhcp_pt_reboot></adv_dhcp_pt_reboot> + <adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_backoff_cutoff> + <adv_dhcp_pt_initial_interval></adv_dhcp_pt_initial_interval> + <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values> + <adv_dhcp_send_options></adv_dhcp_send_options> + <adv_dhcp_request_options></adv_dhcp_request_options> + <adv_dhcp_required_options></adv_dhcp_required_options> + <adv_dhcp_option_modifiers></adv_dhcp_option_modifiers> + <adv_dhcp_config_advanced></adv_dhcp_config_advanced> + <adv_dhcp_config_file_override></adv_dhcp_config_file_override> + <adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path> + <ipaddrv6>dhcp6</ipaddrv6> <dhcp6-duid></dhcp6-duid> <dhcp6-ia-pd-len>0</dhcp6-ia-pd-len> + <dhcp6cvpt>bk</dhcp6cvpt> + <adv_dhcp6_prefix_selected_interface>wan</adv_dhcp6_prefix_selected_interface> + <spoofmac></spoofmac> </wan> <lan> <enable></enable> - <if>em1</if> + <if>bridge0</if> <ipaddr>192.168.1.1</ipaddr> <subnet>24</subnet> <ipaddrv6>track6</ipaddrv6> 
@@ -79,7 +94,20 @@ <mediaopt></mediaopt> <track6-interface>wan</track6-interface> <track6-prefix-id>0</track6-prefix-id> + <descr><![CDATA[LAN]]></descr> </lan> + <opt1> + <descr><![CDATA[OPT1]]></descr> + <if>em1</if> + <enable></enable> + <spoofmac></spoofmac> + </opt1> + <opt2> + <descr><![CDATA[OPT2]]></descr> + <if>em2</if> + <enable></enable> + <spoofmac></spoofmac> + </opt2> </interfaces> <staticroutes></staticroutes> <dhcpd> @@ -122,6 +150,38 @@ </nat> <filter> <rule> + <id></id> + <tracker>1535335398</tracker> + <type>pass</type> + <interface>wan</interface> + <ipprotocol>inet</ipprotocol> + <tag></tag> + <tagged></tagged> + <max></max> + <max-src-nodes></max-src-nodes> + <max-src-conn></max-src-conn> + <max-src-states></max-src-states> + <statetimeout></statetimeout> + <statetype><![CDATA[keep state]]></statetype> + <os></os> + <protocol>tcp</protocol> + <source> + <any></any> + </source> + <destination> + <network>wanip</network> + </destination> + <descr><![CDATA[Allow Web UI]]></descr> + <updated> + <time>1535335398</time> + <username>admin@192.168.1.101</username> + </updated> + <created> + <time>1535335398</time> + <username>admin@192.168.1.101</username> + </created> + </rule> + <rule> <type>pass</type> <ipprotocol>inet</ipprotocol> <descr><![CDATA[Default allow LAN to any rule]]></descr> @@ -147,9 +207,11 @@ <any></any> </destination> </rule> + <separator> + <wan></wan> + </separator> </filter> - <shaper> - </shaper> + <shaper></shaper> <ipsec></ipsec> <aliases></aliases> <proxyarp></proxyarp> @@ -279,8 +341,7 @@ <period>10</period> </widgets> <openvpn></openvpn> - <dnshaper> - </dnshaper> + <dnshaper></dnshaper> <unbound> <enable></enable> <dnssec></dnssec> 
@@ -299,8 +360,39 @@ <prv><<SNIP>></prv> </cert> <revision> - <time>1535334901</time> - <description><![CDATA[(system): Generated new self-signed HTTPS certificate (5b8359f508cb1)]]></description> - <username>(system)</username> + <time>1535335630</time> + <description><![CDATA[admin@192.168.180.2: /system_advanced_sysctl.php made unknown change]]></description> + <username>admin@192.168.180.2</username> </revision> + <ppps></ppps> + <gateways></gateways> + <bridges> + <bridged> + <members>opt1,opt2</members> + <descr><![CDATA[LAN Bridge]]></descr> + <maxaddr></maxaddr> + <timeout></timeout> + <maxage></maxage> + <fwdelay></fwdelay> + <hellotime></hellotime> + <priority></priority> + <proto>rstp</proto> + <holdcnt></holdcnt> + <ifpriority></ifpriority> + <ifpathcost></ifpathcost> + <bridgeif>bridge0</bridgeif> + </bridged> + </bridges> + <sysctl> + <item> + <tunable>net.link.bridge.pfil_member</tunable> + <value>0</value> + <descr><![CDATA[Packet filter on the member interface]]></descr> + </item> + <item> + <tunable>net.link.bridge.pfil_bridge</tunable> + <value>1</value> + <descr><![CDATA[Packet filter on the bridge interface]]></descr> + </item> + </sysctl> </pfsense>
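Review bot: The "Allow Web UI" pass rule added in the `<filter>` hunk has `<protocol>tcp</protocol>`, `<source><any>` and `<destination><network>wanip</network>` with no port under `<destination>`, so as written it passes every TCP port on the WAN address from any source, not only the web UI. Restrict the destination to the web UI port and, where possible, replace the `any` source with the management address or network that actually needs access.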
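Review bot: In the last hunk, `net.link.bridge.pfil_member` is set to 0 and `net.link.bridge.pfil_bridge` to 1, which moves all filtering onto bridge0 (now the LAN `<if>`), but the diff only shows what was saved to config.xml, not what is live. The revision entry reads "/system_advanced_sysctl.php made unknown change", so it is worth confirming on the running system that both tunables hold these values (`sysctl net.link.bridge`) and that bridge0 exists with em1 and em2 attached (`ifconfig bridge0`). With member filtering off, rules on OPT1 and OPT2 are not evaluated, so DHCP and ping to 192.168.1.1 depend entirely on the LAN rules matching on bridge0.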
Any suggestions? I'm clearly missing something.