    Netgate Discussion Forum

    Bridged Firewall

    Firewalling
      Phil last edited by

      The recently removed option in System->Advanced says:

      Enable filtering bridge
      This setting no longer exists as it is unnecessary. Filtering occurs on the member interfaces of the bridge and cannot be disabled.

      The operative word there is interfaceS - i.e. plural. My question is… Why can I only add filter rules (which work) to block traffic from certain hosts on the optional interface that forms the far side of the bridge from the WAN interface, where the packets come in? That's to say, if I have WAN and OPT1 bridged, why do firewall rules for inbound packets only work when they're assigned to OPT1 and not WAN?

      This means that, if I want to block a source address from sending packets to both the other side of the bridge and the pfSense box itself, I need to add 2 duplicate rules on 2 different interfaces.

      Am I missing something here or is this illogical?

      Phil
