Bridging

In some cases, a single broadcast domain is formed by combining two or more interfaces. Two ports on your pfSense router then act as if they are on the same switch, except that firewall rules control the traffic between the interfaces. This can be achieved using bridging, but you need to be careful to avoid loops when you employ it. As mentioned earlier, the primary means of preventing loops on bridges is the Spanning Tree Protocol (STP), which is employed by managed switches and routers (including pfSense).

It should be noted that in the current version of pfSense, bridged interfaces are treated no differently than non-bridged interfaces. Therefore, firewall rules are applied on an inbound basis to each interface that is a member of the bridge. Older versions of pfSense had filtering turned off on bridges by default, and it had to be enabled to work. In the current version of pfSense, there is no way to selectively disable filtering on bridges; the only way to do so is to use the Disable Firewall checkbox in System | Advanced (this disables all packet filtering).

Bridging two internal interfaces in pfSense is fairly easy, but there are some issues that you need to address:

  • One interface will have an IP address (the main interface) and one will have no IP address (the bridged interface)
  • You need to make sure that the DHCP server is running only on the main interface and not on the one being bridged
  • In order to allow DHCP traffic on the interface, you need to create a firewall rule on the bridged interface
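
As an added illustration (not from the book or from pfSense's own generated ruleset), here is the DHCP rule from the last bullet written in the syntax of pf, the packet filter pfSense is built on, next to the overly broad rule it should replace. The interface names and addresses are assumptions chosen for the example.

```pf
# Assumed names and addresses for this example only
lan_if  = "em1"             # main interface: has the IP address and runs the DHCP server
opt_if  = "em2"             # bridged interface: no IP address
lan_ip  = "192.168.1.1"     # constructed address of the main interface
lan_net = "192.168.1.0/24"  # constructed subnet shared by both bridge members

# Too broad: this would admit every UDP packet arriving on the bridged
# interface, not just DHCP. Shown commented out for comparison.
# pass in quick on $opt_if inet proto udp from any to any

# Scoped rule: a client with no lease yet sends DHCPDISCOVER/DHCPREQUEST
# from 0.0.0.0 port 68 to the limited broadcast address on port 67.
# Rules are evaluated inbound on each bridge member, so the rule must be
# on the bridged interface, where these packets arrive.
pass in quick on $opt_if inet proto udp \
    from 0.0.0.0 port 68 to 255.255.255.255 port 67

# Lease renewals are unicast from the client's leased address to the
# DHCP server, so they need their own narrowly scoped rule.
pass in quick on $opt_if inet proto udp \
    from $lan_net port 68 to $lan_ip port 67
```

In the pfSense web interface the same match is entered as a pass rule on the bridged interface with protocol UDP and the source and destination addresses and ports shown above.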