OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: zteng on April 08, 2025, 03:52:34 PM

Title: Transparent bridge traffic will pass through the firewall twice.
Post by: zteng on April 08, 2025, 03:52:34 PM
I set up a transparent bridge and found that outgoing traffic from the LAN produces two duplicate firewall log entries, one out and one in, as this GitHub issue (https://github.com/opnsense/core/issues/2269) describes.

Is this normal? The transparent bridge configuration document does not mention this at all. Is this common sense in FreeBSD? How do I set up firewall rules? 

Firewall rules set on the bridge cannot distinguish the two repeated traffic flows, as the two overlap.

(https://i.postimg.cc/qvVSvRpB/2025-04-08-214836.png)
Title: Re: Transparent bridge traffic will pass through the firewall twice.
Post by: EricPerl on April 09, 2025, 12:44:16 AM
How are they duplicate if one is in and the other one is out?

in and out are from the perspective of the FW.
With typical traffic on a router, you'd see in on one interface and out on another (as long as it's not blocked in).
It's been a little while since I've used the filtering bridge mode, but it makes sense for the same logic to apply.

In general, you want to author your rule on the way in. There's a direction in the FW rules as well.
Title: Re: Transparent bridge traffic will pass through the firewall twice.
Post by: pfry on April 09, 2025, 01:59:46 AM
To add to that a bit, I use only inbound filters; I get two log messages per session/state, one for my rule and the other for the automatically generated "let out anything from firewall host itself" rule. (Your capture has the label column clipped out, but I assume that's what you're seeing.) It's a quirk of the logging. You can check it to an extent by looking at the "States" or "Sessions" diagnostics.
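As an added example (not code from the thread and not part of OPNsense), the following Python script shows how to check the "duplicate" claim from the logs themselves: it groups log lines by 5-tuple and direction, so that a session which passed in on one bridge member and out on the other shows up as one flow with an in-line and an out-line, each with its own rule label, rather than as two unrelated hits. Since a transparent bridge does no NAT, both lines carry the same addresses and ports, which is exactly why they look like duplicates. The column layout and the sample lines are constructed for this example; the real OPNsense/FreeBSD filterlog CSV has a different, longer field list, so adapt `FIELDS` and `parse_log` before running it on live logs.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed, simplified column layout for this example. This is NOT the real
# OPNsense/FreeBSD filterlog CSV; it is an assumption that keeps the logic readable.
FIELDS = ["iface", "dir", "action", "label", "proto", "src", "sport", "dst", "dport"]

# Constructed sample: two LAN->Internet TCP sessions that each produce an "in"
# line (user rule) and an "out" line (automatic "let out" rule), plus one
# inbound UDP flow that is blocked and therefore never gets an "out" line.
SAMPLE_LOG = """\
igb0,in,pass,LAN allow web,tcp,192.168.1.20,50123,93.184.216.34,443
igb1,out,pass,let out anything from firewall host itself,tcp,192.168.1.20,50123,93.184.216.34,443
igb0,in,pass,LAN allow web,tcp,192.168.1.20,50124,93.184.216.34,80
igb1,out,pass,let out anything from firewall host itself,tcp,192.168.1.20,50124,93.184.216.34,80
igb1,in,block,Default deny,udp,203.0.113.9,40000,192.168.1.20,161
"""


def parse_log(text):
    """Parse the constructed CSV layout into a list of dicts (blank lines skipped)."""
    reader = csv.DictReader(StringIO(text), fieldnames=FIELDS)
    return [row for row in reader if row["iface"]]


def flow_key(entry):
    """5-tuple identifying a flow. With no NAT on a transparent bridge, the
    'in' and 'out' log lines of one session carry identical tuples."""
    return (entry["proto"], entry["src"], entry["sport"], entry["dst"], entry["dport"])


def correlate(entries):
    """Group log lines first by flow, then by direction seen by the firewall."""
    flows = defaultdict(lambda: {"in": [], "out": []})
    for entry in entries:
        flows[flow_key(entry)][entry["dir"]].append(entry)
    return flows


def summarize(entries):
    """One summary row per flow: line counts per direction, interfaces, rule
    labels that fired, and whether the session actually traversed the bridge."""
    summary = []
    for key, dirs in correlate(entries).items():
        passed_in = any(e["action"] == "pass" for e in dirs["in"])
        passed_out = any(e["action"] == "pass" for e in dirs["out"])
        if passed_in and passed_out:
            status = "traversed"   # one session, logged twice: once in, once out
        elif dirs["in"] and not passed_in:
            status = "blocked-in"  # never reached the out side, so no second line
        elif passed_in and not dirs["out"]:
            status = "in-only"     # passed in, but no out line was logged
        else:
            status = "other"
        summary.append({
            "flow": key,
            "in_lines": len(dirs["in"]),
            "out_lines": len(dirs["out"]),
            "in_ifaces": sorted({e["iface"] for e in dirs["in"]}),
            "out_ifaces": sorted({e["iface"] for e in dirs["out"]}),
            "labels": sorted({e["label"] for e in dirs["in"] + dirs["out"]}),
            "status": status,
        })
    return summary


if __name__ == "__main__":
    for row in summarize(parse_log(SAMPLE_LOG)):
        proto, src, sport, dst, dport = row["flow"]
        print(f"{proto} {src}:{sport} -> {dst}:{dport}  "
              f"in={row['in_lines']} on {row['in_ifaces']}  "
              f"out={row['out_lines']} on {row['out_ifaces']}  "
              f"status={row['status']}  labels={row['labels']}")
```

Flows reported as "traversed" with one in-line and one out-line are the case discussed in this thread: a single session that pf evaluated on the way in (matching the user's rule) and again on the way out (matching the automatic "let out" rule). Cross-checking a few of these against the States diagnostics should show one state per such flow, not two.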