Transparent Filtering Bridge config question

Started by Jose, November 15, 2025, 06:48:32 PM

November 15, 2025, 06:48:32 PM Last Edit: November 15, 2025, 07:15:10 PM by Jose
Hello, I'm really sorry if this was asked previously but I have some specific questions regarding a typical Transparent Filtering Bridge configuration.

I was using OPNsense for several years without any issues so far; however, I've recently switched from a standard setup to the Transparent Filtering Bridge mode because I switched from DSL to a CGNAT/ISP, so I have some questions regarding some settings which typically differ from the OPNsense TFB how-to documentation.

This is my current TFB setup (IPv6 is disabled):

Interfaces: [WAN] -> igb0
  IPv4 Configuration Type: DHCP (It was: NONE)
  IPv6 Configuration Type: NONE (It was: DHCPv6)

Interfaces: [LAN] -> igb1
  IPv4 Configuration Type: NONE
  IPv6 Configuration Type: NONE (It was: Track Interface)

Interfaces: [TFB] -> igb0 + igb1
  IPv4 Configuration Type: NONE
  IPv6 Configuration Type: NONE

Interfaces: [ADM] -> vtnet0
  IPv4 Configuration Type: Static IPv4
  IPv6 Configuration Type: NONE

My question is whether the above TFB configuration looks acceptable, since I had set the IPv4 to DHCP on the [WAN] interface; otherwise OPNsense is unable to be upgraded as expected since there's no route to host.

The OPNsense and Zenarmor how-tos both specify to set the IPv4s to NONE, but in my case I had to set it. The TFB rules seem to work as intended; however, is there any security implication in leaving the [WAN] IPv4 set to DHCP always, plus the required rule to "Allow All" on that interface?

I could disable it and set it back to NONE after OPNsense upgrades and reboots, but that is a bit of a hassle.

PS: the [ADM] interface is only for local administration. Also, sorry, as I pushed Post instead of Preview while writing.

Regards
OPNSense on Bhyve VM set with 2CPU, 4GB-RAM, 120GB-ZFS, Transparent Filtering Bridge(TFB).
Intel i5-2390T with 32GB-RAM and Intel I350-T4(2-Ports Passthrough for OPNsense + VirtIO).
System running Jails, MEDIA/SMB/NFS/SSH servers etc.., ZFS-Mirrors for boot and storage.

What are your specific questions? Just go ahead and ask them ;-)

You have read the documentation on transparent filtering bridge?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on November 15, 2025, 07:03:51 PM
What are your specific questions? Just go ahead and ask them ;-)

You have read the documentation on transparent filtering bridge?

Hi Patrick, I pushed the wrong buttons while writing, but I've posted them already.

Regards