Bridge with Firewall (L2 Filtering)

Bridge interface с firewall для transparent (Layer 2) firewall deployments.

Сценарий

Transparent Firewall: VyOS работает как Layer 2 bridge с filtering
Minimal Configuration: Не требуется изменение IP addressing
Inline Deployment: Between switch и router

Configuration

# Bridge Interface
set interfaces bridge br0 member interface eth1
set interfaces bridge br0 member interface eth2
set interfaces bridge br0 address '10.10.1.254/24'

# Bridge Firewall
set firewall bridge forward filter default-action 'drop'

set firewall bridge forward filter rule 10 action 'accept'
set firewall bridge forward filter rule 10 state established 'enable'
set firewall bridge forward filter rule 10 state related 'enable'

set firewall bridge forward filter rule 20 action 'accept'
set firewall bridge forward filter rule 20 protocol 'tcp'
set firewall bridge forward filter rule 20 destination port '80,443'

set firewall bridge forward filter rule 100 action 'drop'
set firewall bridge forward filter rule 100 log 'enable'

commit

Ссылки

Проверено OpenNix LLC · Обновлено 18, апреля 2026

Firewall with VRF Isolation DHCP Relay through GRE-Bridge