pfSense: packet filter on only the bridge not working.
- 4 physical interfaces with 4 VLANs each.
- igb0
- igb0.10
- igb0.20
- igb0.30
- igb0.40
- igb1
- igb1.10
- igb1.20
- igb1.30
- igb1.40
- igb2
- igb2.10
- igb2.20
- igb2.30
- igb2.40
- igb3
- igb3.10
- igb3.20
- igb3.30
- igb3.40
Each VLAN is bridged across the 4 interfaces.
IP addresses and DHCP servers are assigned on the bridges:
- vlan10 (bridge1) 10.0.10.1/26
- igb0.10
- igb1.10
- igb2.10
- igb3.10
- vlan20 (bridge2) 10.0.20.1/26
- igb0.20
- igb1.20
- igb2.20
- igb3.20
- vlan30 (bridge3) 10.0.30.1/26
- igb0.30
- igb1.30
- igb2.30
- igb3.30
- vlan40 (bridge4) 10.0.40.1/26
- igb0.40
- igb1.40
- igb2.40
- igb3.40
System tunables
- net.link.bridge.pfil_member = 0
- net.link.bridge.pfil_bridge = 1
Firewall log
Time | Interface | Rule Number | Source | Destination | Protocol
2024-06-19 16:18:59.410814-04:00 | IGB0_10 | (1000018270) | 10.1.10.28:40425 | 239.255.255.250:1900 | UDP
There are many more log entries like this one.
I have rules applied to VLAN10 (bridge1) to allow the traffic that is blocked in the log example shown above.
There are no rules on any of the VLAN interfaces, i.e., igb0.10, igb1.20, etc.
Actions taken
- Bring the VLAN interface down, then up.
  - Result: Began to see some states associated with the rule on VLAN10 (bridge1); however, there were still matches for traffic in the firewall logs for interface igb0_10 as well as matches for rules on VLAN10 (bridge1).
- Reboot the router.
  - Result: No apparent change.
- Fresh install and reconfiguration of the entire router from scratch.
  - Result: No apparent change.
It seems that only some traffic is being evaluated against the interface rules and some against the bridge rules.
Can anyone help me solve this issue?
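As an added example, not code from the original post or from pfSense: a small POSIX shell diagnostic that takes firewall log entries in the column order the pfSense GUI shows (Time, Interface, Rule Number, Source, Destination, Protocol), decides for each hit whether the logging interface is one of the bridges or one of their member interfaces, and compares that with the net.link.bridge tunables. With pfil_member=0 and pfil_bridge=1 every hit is expected on a bridge, so any hit logged on a member is the anomaly worth chasing. The bridge membership table is taken from the post; the sysctl output and all log lines except the first are constructed sample data; the mapping of friendly names to device names (IGB0_10 for igb0.10, VLAN10 for bridge1, and so on) is an assumption, since the post does not state how the interfaces are named.

```shell
#!/bin/sh
# Added example; not code from the original post or from pfSense.

# Bridge membership as described in the post (bridge, then its members).
# On the router, derive this from `ifconfig bridge1` ... `ifconfig bridge4`.
BRIDGE_MEMBERS='
bridge1 igb0.10 igb1.10 igb2.10 igb3.10
bridge2 igb0.20 igb1.20 igb2.20 igb3.20
bridge3 igb0.30 igb1.30 igb2.30 igb3.30
bridge4 igb0.40 igb1.40 igb2.40 igb3.40
'

# Constructed sysctl output, in the shape `sysctl net.link.bridge` prints.
# Replace with the real command output when running this on pfSense.
SYSCTL_OUT='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1'

# Constructed log sample: the first line is the one quoted in the post, the
# other three are made up to show both bridge hits and member hits.
FIREWALL_LOG='2024-06-19 16:18:59.410814-04:00 IGB0_10 (1000018270) 10.1.10.28:40425 239.255.255.250:1900 UDP
2024-06-19 16:19:03.002211-04:00 VLAN10 (1000018275) 10.0.10.12:53120 10.0.10.1:53 UDP
2024-06-19 16:19:07.550000-04:00 IGB2_10 (1000018270) 10.0.10.40:5353 224.0.0.251:5353 UDP
2024-06-19 16:19:09.110000-04:00 VLAN20 (1000018290) 10.0.20.7:49152 10.0.20.1:22 TCP'

# Map the friendly name shown in the log to the FreeBSD device name.
# Assumption (not stated in the post): member interfaces are named after the
# device with '.' replaced by '_' (IGB0_10 -> igb0.10) and the bridges are
# named VLAN10..VLAN40 for bridge1..bridge4.
to_device() {
  case "$1" in
    VLAN10) echo bridge1 ;;
    VLAN20) echo bridge2 ;;
    VLAN30) echo bridge3 ;;
    VLAN40) echo bridge4 ;;
    *) printf '%s\n' "$1" | tr 'A-Z_' 'a-z.' ;;
  esac
}

# Classify a logged interface as "bridge", "member" or "unknown".
classify_iface() {
  dev=$(to_device "$1")
  result=$(printf '%s\n' "$BRIDGE_MEMBERS" | while read -r br members; do
    if [ "$br" = "$dev" ]; then
      echo bridge
      break
    fi
    for m in $members; do
      if [ "$m" = "$dev" ]; then
        echo member
        break 2
      fi
    done
  done)
  echo "${result:-unknown}"
}

# One line per hit: interface, where it was evaluated, source -> destination.
report_hits() {
  printf '%s\n' "$FIREWALL_LOG" | while read -r date time iface rule src dst proto; do
    [ -n "$iface" ] || continue
    printf '%-8s %-7s %s -> %s %s\n' "$iface" "$(classify_iface "$iface")" "$src" "$dst" "$proto"
  done
}

# Number of hits logged on bridge members; expected to be 0 with pfil_member=0.
count_member_hits() {
  report_hits | awk '$2 == "member" { n++ } END { print n + 0 }'
}

# Read one net.link.bridge tunable from the sysctl output.
tunable() {
  printf '%s\n' "$SYSCTL_OUT" | awk -v k="net.link.bridge.$1:" '$1 == k { print $2 }'
}

# "consistent" if the logged hits agree with pfil_member, else "inconsistent".
check_consistency() {
  member_hits=$(count_member_hits)
  if [ "$(tunable pfil_member)" = 0 ] && [ "$member_hits" -gt 0 ]; then
    echo inconsistent
  else
    echo consistent
  fi
}

echo "pfil_member=$(tunable pfil_member) pfil_bridge=$(tunable pfil_bridge)"
report_hits
echo "hits logged on member interfaces: $(count_member_hits) ($(check_consistency) with the tunables)"
```

On a real box, replace the three constructed variables with `sysctl net.link.bridge`, the `ifconfig` output for each bridge, and an export of the filter log, and the per-interface breakdown shows directly whether blocks are being recorded on members despite pfil_member=0.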