You can bridge interfaces in pfSense by combining two or more of them into a single broadcast domain. In such a case, two ports on pfSense act as if they were on the same switch, except that firewall rules still control traffic between the interfaces. The most important consideration when bridging interfaces is to prevent loops. As mentioned earlier, this can be done using the Spanning Tree Protocol (STP).
Older versions of pfSense had filtering turned off by default, but this is no longer the case, and the default behavior of pfSense is to apply firewall rules to bridges. There is no way to selectively disable filtering in the current version of pfSense, but if you want to disable filtering completely, you can navigate to System | Advanced and check the Disable Firewall checkbox. Of course, you should only do this if you intend to use pfSense solely to bridge interfaces, or otherwise have no need to do packet filtering.
There are some issues you should consider when bridging interfaces:
- One interface, the main interface, will have an IP address. The bridged interface will not have an IP address.
- For DHCP to work, it should be running only on the main interface, not on the interface being bridged.
- Since the firewall rules still apply, if you want DHCP to work on the bridged interface, you must create a firewall rule to allow DHCP traffic on the bridged interface.
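
The DHCP rule from the last item, sketched in pf syntax (pf is the packet filter pfSense is built on). This is an added example, not part of the original text; in pfSense the same match values are entered as a firewall rule on the bridged interface through the GUI. The interface name and all addresses are constructed placeholders.

```pf
# Constructed placeholder values, not taken from the page.
bridged_if  = "igb2"            # hypothetical bridged interface (has no IP address)
dhcp_server = "192.168.1.1"     # hypothetical address of the main interface
lan_net     = "192.168.1.0/24"  # hypothetical subnet served by DHCP

# Too broad: passes every UDP packet arriving on the bridged interface.
# pass in quick on $bridged_if inet proto udp from any to any

# Does not cover the initial exchange: a client without a lease sends from
# 0.0.0.0, which is outside $lan_net, so DISCOVER/REQUEST never match this.
# pass in quick on $bridged_if inet from $lan_net to any

# Initial DISCOVER/REQUEST: the client has no address yet and broadcasts
# from 0.0.0.0 port 68 to 255.255.255.255 port 67.
pass in quick on $bridged_if inet proto udp \
    from 0.0.0.0 port 68 to 255.255.255.255 port 67

# Lease renewal: the client unicasts from its leased address to the
# DHCP server running on the main interface.
pass in quick on $bridged_if inet proto udp \
    from $lan_net port 68 to $dhcp_server port 67
```

The first active rule is the one a bridged interface typically lacks: it matches on the unspecified source address and the limited broadcast destination, not on the subnet.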