pfSense Bridging - Combining Network Interfaces

A bridge in pfSense combines two or more network interfaces into a single broadcast domain at the data link layer (L2). Devices connected to different physical bridge member ports communicate as though they were connected to the same switch. The key distinction from a hardware switch is the ability to apply pf firewall rules to traffic passing between bridge members, enabling filtering and traffic control within a single L2 segment.

pfSense supports two primary bridging scenarios. An internal bridge combines local interfaces (for example, LAN and a wireless interface) into a unified segment while preserving filtering capabilities. A bridge with an external interface (WAN) implements a transparent firewall that filters traffic without acting as a router - internal devices continue using the upstream gateway while pfSense operates as an invisible filter.

Bridge performance is substantially lower than that of a hardware switch because all frames are processed by the CPU. Bridges do not replace switches in high-throughput environments but are effective for Layer 2 filtering and monitoring tasks. When port aggregation for increased bandwidth is required, use LAGG instead of bridging.

In This Section

  • Bridge Setup - creating bridges, STP/RSTP, firewall rules on bridges, transparent firewall deployment, and troubleshooting