• Trying to implement a new firewall and wondering about the set-up. 3 NICs are set up: one for WAN, one for LAN, and one for our POS CC interface system. The trouble lies with the POS. Currently it is on a separate subnet and goes through a router, in which it picks up an IP address relevant to the LAN side, points to the default gateway and is plugged into a simple D-Link router, with the LAN, then out to the world. How should I set up this NIC through the pfSense firewall: bridge? Or LAN with default gateway? If I set it up as a bridge, does this take away from being able to traffic shape? I appreciate any help with this, as I'm far from being an expert with routers.

  • I would leave it as a separate subnet and not bridge it (it doesn't sound like it needs to - or should - talk to the LAN). Set up your firewall rules to block traffic to/from the LAN for security and since you probably have fixed endpoints for the POS transactions you can be very restrictive with the traffic coming/going from the WAN too.

  • Would I then set up the firewall rules for the POS interface to be

    Block    Interface:POS  Source:Any    Destination:LAN subnet
    Allow    Interface:POS  Source:Any    Destination:WAN
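
An added example, not part of the thread: a small first-match evaluator that compares the two rules proposed above with the tighter "fixed endpoints" rule set suggested in the reply. All addresses, the processor endpoint and port 443 are constructed assumptions, and "Destination: WAN" is modelled as any destination.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread)
ANY = ipaddress.ip_network("0.0.0.0/0")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
POS_NET = ipaddress.ip_network("192.168.50.0/24")
PROCESSOR = ipaddress.ip_network("203.0.113.10/32")  # hypothetical card-processor endpoint

# Rules on the POS interface: (action, source, destination, destination port or None for any)
PROPOSED = [
    ("block", ANY, LAN_NET, None),
    ("pass", ANY, ANY, None),  # the thread's "Destination: WAN", modelled as any destination
]
RESTRICTIVE = [
    ("block", ANY, LAN_NET, None),
    ("pass", POS_NET, PROCESSOR, 443),  # only the fixed endpoint; port 443 is an assumption
]

# Constructed sample flows entering the firewall on the POS interface
FLOWS = [
    ("192.168.50.20", "192.168.1.10", 445),  # POS terminal -> LAN host
    ("192.168.50.20", "203.0.113.10", 443),  # POS terminal -> card processor
    ("192.168.50.20", "198.51.100.7", 80),   # POS terminal -> unrelated internet host
]


def evaluate(rules, src, dst, port):
    """Top-down, first match wins; no match falls through to the default deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, dst_port in rules:
        if src_ip in src_net and dst_ip in dst_net and dst_port in (None, port):
            return action
    return "block"


def compare(flows=FLOWS):
    """Return (flow, verdict under PROPOSED, verdict under RESTRICTIVE) per flow."""
    return [(f, evaluate(PROPOSED, *f), evaluate(RESTRICTIVE, *f)) for f in flows]


if __name__ == "__main__":
    for (src, dst, port), loose, tight in compare():
        print(f"{src} -> {dst}:{port:<4} proposed={loose:<5} restrictive={tight}")
```

Both rule sets keep the POS segment away from the LAN; only the restrictive one also stops the terminal from reaching arbitrary internet hosts.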