
List:       pfsense-discussion
Subject:    Re: [pfSense] Bridging firewall swallows its own traffic
From:       Lee Damon <nomad () castle ! org>
Date:       2016-06-30 20:54:06
Message-ID: 10c0414c-d1e9-5d16-73eb-2c9529ec70d4 () castle ! org

Following up to my earlier email.

I was expecting the bridge to act the same as on other OSs I'm currently
using for firewalls (that is, once traffic hits the bridge it is not
examined further and just goes out the other end - a tunnel). However, it
turns out I was misunderstanding how FBSD does bridging - it examines the
packets on the bridge itself as if it were a switch.

As a result I have had to resort to something I consider less than
optimal. I've disabled the LAN interface and given br0 (the bridge) its
IP address (for management access). I've set up firewall rules on br0
that only allow access from management hosts to the very limited set of
management ports (all other traffic is blocked). This effectively puts
the management interface "outside" the firewall, but hopefully protects
it sufficiently that it isn't a totally bad thing.

Does anyone have any comments/feedback on this solution for me?

thanks,
nomad
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
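The arrangement described in the post (management address on the bridge interface, only named management hosts allowed to a short list of ports, everything else to that address blocked) written out as a pf ruleset. This is an added illustration, not configuration from the poster or from pfSense; the interface names, addresses, hosts and ports are assumed, and the member-interface policy at the end is only a placeholder for whatever the site actually needs.

```pf
# Added example (not from the original thread). Assumed names: bridge0 is the
# bridge, em0 and em1 are its members, 192.0.2.10 is the management address
# assigned to bridge0, and 192.0.2.20/.21 are the permitted management hosts.
# Whether pf sees a packet on the bridge interface, on the member interfaces,
# or both is governed by the sysctls net.link.bridge.pfil_bridge and
# net.link.bridge.pfil_member; check their current values before relying on
# rules placed on either.

mgmt_if    = "bridge0"
mgmt_ip    = "192.0.2.10"
mgmt_ports = "{ 22, 443 }"        # SSH and the HTTPS GUI, nothing else
table <mgmt_hosts> { 192.0.2.20, 192.0.2.21 }

set skip on lo0

# Management plane: explicit pass for the allowed hosts/ports, then a logged
# block for anything else addressed to the box. Both are "quick" so ordering
# decides and no later rule can widen access.
pass  in  quick on $mgmt_if proto tcp from <mgmt_hosts> to $mgmt_ip \
      port $mgmt_ports flags S/SA keep state
block in  log quick on $mgmt_if to $mgmt_ip

# The box's own outbound traffic (DNS, NTP, updates) and its stateful replies.
pass  out quick on $mgmt_if from $mgmt_ip keep state

# Transit traffic crossing the bridge is filtered on the member interfaces.
# Placeholder policy: LAN side may initiate, WAN side may not.
pass  in  quick on em1 proto tcp  from 192.0.2.0/24 to any flags S/SA keep state
pass  in  quick on em1 proto { udp, icmp } from 192.0.2.0/24 to any keep state
block in  log on em0
```

Logging the management-plane block rule gives a ready-made detection signal: any hit on it is a connection attempt to the firewall from a host that should never be talking to it.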