Bridged LAN connection and rules

  • I set up a pfSense box for a company I do some work for.  At the time they had two 24-port Dell switches.  I connected both switches to the Gb ports on the pfSense server and then bridged them to act as one.  My question is, since they are bridged, do I only have to set up rules on the LAN interface, or do I have to mirror all the rules on the OPT1 (Lan2) interface as well?  On a bit of a tangent, would I be better off simply chaining the switches together instead?

  • I would chain the switches together. This will take some load from the firewall, and a switch should usually have a lower delay in passing packets as well. Throughput on the pfSense between the 2 gigabit links also depends on bus speed and CPU power, as all packets have to be processed. Uplinking the switches to each other is much better unless you need some firewalling between the 2 switches.

    And yes, you usually need rules on all interfaces if you keep it as it is. Otherwise a transparent firewall would not be possible. There is a setting at system>advanced though that you need to turn on to do so.