Bridge Setup Question : Rules and Lockout Query

[hsing]

Hi everyone,

I have some questions about Transparent Filtering Bridge that I hope someone can help me with. I was reading the documentation on Transparent Filtering Bridge (https://docs.opnsense.org/manual/how-tos/transparent_bridge.html#disable-outbound-nat-rule-generation), and I have two main questions:

    In the section about "7. Add Allow rules," I conducted two tests. In the first test, I used Floating Rules and selected only the interfaces that were added to the Bridge group. During this test, machines within the group were unable to ICMP Ping their target. However, in the second test, when I only allowed the Bridge group's Interface in the Floating Rules, the machines within the same group could ICMP Ping normally. Does this mean that the Bridge Interface takes control over the interfaces in the group? And hence, is it sufficient to just allow the Bridge Interface in the Rules?

    Regarding the section on "Disable Default Anti Lockout Rule," I cannot discern the difference between having this option checked or unchecked, as I didn't notice any changes in the Automatically generated rules. I'm wondering if it's necessary to check this option?

Thank you for reading and for your assistance.