Different filtering for bridges

prodius · Dec 18, 2006, 7:16 PM

Pfsense currently generates "pass all out on xxx" for all the bridgemembers and the user has to create the inbound rules. Wouldn't it be easier, even more logical to pass everything in/out on the interface near the servers, so that the user only has to create rules on the WAN interface? I assume this only makes sense when working with 2 bridgemembers, which is most used I think (??).

I'm curious what others think. My experience is limited to routing setups with checkpoint, so I'm new to bridges (although I built bridges in the army :))

sullrich · Dec 18, 2006, 10:49 PM

-HEAD features bridge groups where you can assign rules to the bridges themselves. This will be in 2.0. But for 1.X we will keep the functionality the same as it is now.

prodius · Dec 19, 2006, 7:35 AM

Rapid spanning tree also in -HEAD?

see http://www.freebsd.org/news/status/report-june-2006-oct-2006.html#Bridge-Spanning-Tree-Protocol-Improvements

sullrich · Dec 19, 2006, 5:19 PM

No GUI for the feature just yet but it is planned.

prodius · Dec 20, 2006, 8:12 AM

ok, thx for the answer.