On Sat, Sep 13, 2008 at 8:46 AM, Eugen Leitl [EMAIL PROTECTED] wrote:
I can't get an 1.2.1-RC1 full with two NICs (VIA mini ITX) to filter traffic
using http://pfsense.trendchiller.com/transparent_firewall.pdf
No rules either in WAN or LAN, to the bridge must block
everything -- but doesn't. No change when I define explict
blocking rules for everything.
There are some default rules on LAN, like the anti-lockout rule that
could be passing the traffic. You can disable that on the Advanced
page. That's the only one I can think of offhand that would pass
traffic, though LAN is a bit special in 1.2x and there could be
something else I'm not thinking of offhand.
Note the enable filtering bridge checkbox does nothing in 1.2.1 and
should have done nothing in 1.2. In 1.2, turning that on actually can
create some weird problems with filtering in some circumstances.
That's a hold over from the way m0n0wall does things, and should have
been removed when we switched to if_bridge. If you're running bridging
on 1.2, I recommend leaving that disabled. It adds rules to the bridge
itself, when the bridge should never have rules. The member interfaces
get rules added, and you want to filter on both the member interfaces
and not the bridge itself.
