Bridge two ports, not including LAN

[passeri]

I would like to bridge two low-traffic interfaces which have the same essential uses, rules, security requirements.
Documentation and examples I have seen assume that the LAN port is added to the bridge, but that would not be the case here.

Would the general steps be:

• Remove current configuration from the two interfaces (call them Opt2 & 3)
• Create a bridge
• Add Opt2 & Opt3
• Skip steps 3-5 in the documentation
• Set tunables as in step 6
• Set DHCP and rules on the bridge interface

Alternatively for my steps 1 & 6, set those rules on one of the two interfaces added to the bridge.
Thus the question: is configuration set on the bridge or derived by the bridge from one of its interfaces? The former makes more sense to me but discussions seem to imply the second case.

[bartjsmit]

Back up your config and try it  :) Your bridge will likely start with nothing allowed on it

[Patrick M. Hausen]

A bridge is a virtual switch. The two member interfaces are turned into layer 2 switch ports. All IP configuration must take place on the bridge interface. This is mandatory, because of some properties of the FreeBSD network implementation.

So the only point you missed is: under Interfaces > Assignments assign a logical interface to the bridge and use that for IP configuration, DHCP and rules.

[passeri]

That is what I thought should be the case, thank you Patrick. I did not isolate the meaning of those words you quoted.

@bartjsmit, I will. I excused myself because my test router was still packed from a recent trip. I could read a book while away, or play with a router.  :)

[CJ]

I would like to bridge two low-traffic interfaces which have the same essential uses, rules, security requirements.
Documentation and examples I have seen assume that the LAN port is added to the bridge, but that would not be the case here.

Another option would be to create a Firewall group with the two interfaces.  This would allow you to easily apply the same rules.