PfSense Packet filter on only bridge not working.

tinyplum

4 Physical interfaces with 4 Vlans each.

• igb0
  • igb0.10
  • igb0.20
  • igb0.30
  • igb0.40
• igb1
  • igb1.10
  • igb1.20
  • igb1.30
  • igb1.40
• igb2
  • igb2.10
  • igb2.20
  • igb2.30
  • igb2.40
• igb3
  • igb3.10
  • igb3.20
  • igb3.30
  • igb3.40

---

Each vlans is bridged across the 4 interfaces.

IP Addresses and dhcp servers are assigned on the bridges

• vlan10 (bridge1)10.0.10.1/26
  • igb0.10
  • igb1.10
  • igb2.10
  • igb3.10
• vlan20 (bridge2) 10.0.20.1/26
  • igb0.20
  • igb1.20
  • igb2.20
  • igb3.20
• vlan30 (bridge3) 10.0.30.1/26
  • igb0.30
  • igb1.30
  • igb2.30
  • igb3.30
• vlan40 (bridge4) 10.0.40.1/26
  • igb0.40
  • igb1.40
  • igb2.40
  • igb3.40

---

System tunables

• net.link.bridge.pfil_member = 0
• net.link.bridge.pfil_bridge = 1

---

Firewall log

Time	Interface	Rule Number	Source	Destination	Protocol
2024-06-19 16:18:59.410814-04:00	IGB0_10	(1000018270)	10.1.10.28:40425	239.255.255.250:1900	UDP

There are many more logs like this one.
I have rules applied to Vlan10 (bridge 1) to allow the traffic that is blocked in the log example shown above.
There are no rules on any of the vlan interfaces, i.e, igb0.10, igb1.20, ect.

---

Actions taken

• Bring down then up vlan interface.

  • Result: Began to see some states associated with rule on vlan10 (bridge1); however, there were still matches for traffic in the firewall logs for interface igb0_10 as well as matches for rules on vlan10 (bridge1).

• Reboot Router

  • Result: No apparent change.

• Fresh install and reconfiguration of the entire router from scratch

  • Result: No apparent change.

---

It seems that only some traffic is being evaluated against the interface rules and some against the bridge rules.
Can anyone help me solve this issue?