@52 block drop log quick on bridge0 all label "USER_RULE"
I am a complete noob so please bear with me.
I have pfSense set up with 3 interfaces:
WAN - NONE
LAN - NONE
opt1 (bridge) - 192.168.1.250/23 - Gateway 192.168.1.252/23
My Laptop - 192.168.4.51/23 - Gateway 192.168.4.254/23
WAN & LAN are Bridged and the bridge is assigned to opt1.
WAN and LAN interfaces are set to none and opt1 is set to a Static IP address which I am using to access the WebGUI. The default anti-lockout rules on the LAN interface are therefore not applicable.
I have disabled filtering on all bridge member interfaces (net.link.bridge.pfil_member is set to 0) so all filtering is done on the bridge interface.
I can ping the management interface from my laptop but I cannot ping the laptop from the pfsense server. A traceroute shows all pings are trying to go out via the default gateway which I suspect is the reason for a lot of TCP:FA, TCP:PA and TCP:FPA flags in my logs files. I´ve tried adding a second gateway but this just locked me out completely.
I cannot access the Management interface when the firewall rules are enabled and I also cannot get DNS queries to go through the firewall.
All blocked traffic that I would like to pass is being blocked by the same rule:- @52 block drop log quick on bridge0 all label "USER_RULE"
Does anyone have any suggestions on how I can get traffic flowing properly through my setup? Ideally I would like to be able to access the webconsole from both the WAN and the LAN subnets.
In a transparent firewall setup like this you would normally want filtering on the bridge members, wan and LAN, otherwise you're not firewalling anything.
What firewall rules do you have in place on each interface?
I managed to get it working by swithing to conservative mode.
BTW, I am filtering on the bridge interface and it seems to be working pretty well.
Hmmm, intersecting. If you have two interfaces bridges and no filtering on the member interfaces I would expect traffic to flow freely between them. Still if its working…. ;)