2.6.0-RELEASE BRIDGE Interface “transparent firewall” ISSUE
-
Hello Everyone!
Just reporting my experience with the BRIDGE interface on the new release; it looks like a packet filter bug.
2.6.0-RELEASE (amd64)
built on Mon Jan 31 19:57:53 UTC 2022
FreeBSD 12.3-STABLE
Intel(R) Xeon(R) CPU E5607 @ 2.27GHz
8 CPUs: 2 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (inactive)
QAT Crypto: No
- BRIDGE Interface “transparent firewall”
WAN: bce0/bce1 as LAGG0 (FAILOVER) ---|
                                      |--- BRIDGE0 200.10.0.1/24
LAN: em0 -----------------------------|
- System Tunables
net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1
- By doing that I take BRIDGE as the interface to apply all my rules to, leaving the WAN and LAN interfaces "Active" but without any IP or rule configuration.
- BRIDGE0 firewall rule
--- IN packets
Action: Pass
Protocol: IPv4 *
Source: ANY
Destination: 200.10.0.100
Port: 8080
--- OUT packets
Action: Pass
Protocol: IPv4 *
Source: 200.10.0.100
Destination: ANY
Port: 8080
This scenario allows 200.10.0.100 to communicate IN/OUT on port 8080 "only", as configured. But in fact the OUT filter is allowing all ports; it looks like the OUT filter is not working on this 2.6.0-RELEASE. No issue on the IN filter.
As reference I have the same scenario configuration running perfectly on the 2.5.1-RELEASE.
Could someone test and verify if this is a bug?
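The same layout written as a plain pf.conf ruleset, as an added example for reproducing the report on stock FreeBSD; it is neither the poster's configuration nor the rules pfSense generates. The interface names, the 200.10.0.100 host and port 8080 come from the post; the logged default deny, the TCP/UDP protocol choice (pf needs tcp or udp to match a port, whereas the GUI rule reads "IPv4 *") and the pflog check are assumptions.

```pf
# pf.conf fragment: transparent bridge, rules applied on bridge0 only.
# Bridge tunables from the report (set with sysctl(8), or in
# /boot/loader.conf.local on pfSense):
#   net.link.bridge.pfil_member=0   # members lagg0 / em0 are not filtered
#   net.link.bridge.pfil_bridge=1   # bridge0 itself is filtered, in and out

bridge_if = "bridge0"
srv       = "200.10.0.100"      # protected host from the report
svc_port  = "8080"

# Default deny, logged, so a packet that the OUT rule should have stopped
# shows up on pflog0 instead of passing silently.
block log all

# IN packets: any source -> 200.10.0.100 port 8080
pass in quick on $bridge_if inet proto { tcp udp } \
    from any to $srv port $svc_port

# OUT packets: 200.10.0.100 -> any destination, port 8080
pass out quick on $bridge_if inet proto { tcp udp } \
    from $srv to any port $svc_port
```

Load it with `pfctl -f /etc/pf.conf`, confirm both rules with `pfctl -sr`, and then watch `tcpdump -n -e -ttt -i pflog0` while 200.10.0.100 opens a connection to a port other than 8080. A block entry on bridge0 means the OUT rule is being consulted; a connection that succeeds with nothing logged is the behaviour the report describes.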
-
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.