Re: FreeBSD 14 Firewall Passes ALL traffic!

From: Souji Thenria <mail_at_souji-thenria.net>
Date: Fri, 08 Aug 2025 16:38:27 UTC
> On 8. Aug 2025, at 18:13, Dan Lists <lists.dan@gmail.com> wrote:
> 
> 
> We have a transparent (bridged) firewall that we have been using since around 2015, maybe earlier.
> 
> After upgrading to FreeBSD 14 the firewall passes all traffic across the bridge!  That is obviously VERY bad.
> 
> The firewall does block traffic to the server itself, but not traffic passing on the bridge interface.
> 
> I've tested the exact same rules on FreeBSD 12 and 13 and they work fine.  I verified that the rules are the same, as well as the loaded kernel modules.  I tried 14.0, 14.2, and 14.3 and all of them pass all traffic on the bridge interface.
> 
> I looked at the release notes and I did not see anything that would cause this.
> 
> I am at a loss on how to debug this.
> 
> Please Help!
> 
> Thanks


Hi Dan,

I hope this mail is not that badly formatted since I’m writing it on my phone. 

There was a change. There is also a post in the FreeBSD forum [0]. Based on that, you need to set sysctl net.link.bridge.pfil_bridge=1.

Regards,
Souji

[0] https://forums.freebsd.org/threads/pf-rule-not-working-after-upgrade-to-14-0.93874/