Bridging example

To provide an example of bridging, we'll use pfSense to bridge two interfaces—LAN and OPT1. We will also assume that there are downstream routers, and to prevent looping, we will run RSTP on the bridged interfaces. In this case, LAN will be the main interface and OPT1 will be the bridged interface. Assume that the LAN interface has an IP address of 172.16.1.1 and a subnet of 172.16.0.0, and that the DHCP server is running on LAN.

To begin, we navigate to Services | DHCP Server and disable DHCP on OPT1. To do this, we uncheck the Enable checkbox, and click on the Save button. Now we can create our bridge. To do so, we navigate to Interfaces | (assign) and click on the Bridges tab. We click on the Add button on that page to add a new bridge.

Since we are bridging LAN and OPT1, we select these two interfaces in the Member Interfaces listbox. We also enter a brief description in the Description edit box (for example LAN to OPT1 bridge). If all we wanted to do is create a simple bridge, we would be done with configuration, but we want to run RSTP on the bridged interfaces, so we click on the Show Advanced button and scroll down the page. We check the Enable RSTP checkbox, and then in the RSTP/STP section, we leave the protocol in the Protocol drop-down box set to RSTP. In the STP interfaces listbox, we select LAN and OPT1. Assume also that in spanning tree calculations, we want the LAN port to be favored over OPT1, so we scroll down and set LAN Path cost to 1 and OPT1 to 1000. Once we have finished setting these values, we click on the Save button and then click on Apply Changes on the main Bridges page.

We have now configured the bridge, but we still must create a firewall rule on the OPT1 interface to allow for DHCP traffic. Thus, we navigate to Firewall | Rules and click on the OPT1 tab, then click on the Add button. On the Rules configuration page, we set Protocol to UDP. In the Source drop-down box, we select Single host or alias and type 0.0.0.0 in the corresponding edit box. We click on the Display Advanced button, and in the Source port range edit box, we enter 68. For Destination, we also select Single host or alias and type 255.255.255.255 in the corresponding edit box. In the Destination port range edit box, we enter 67. We enter a brief description (for example, Allow DHCP traffic) then click on the Save button, and then click on the Apply Changes button on the main firewall rules page.

Once we confirm that the newly created rule is at the top of the list of rules for the OPT1 interface, our configuration is complete. Clients connecting to OPT1 should now be able to receive an address on the 172.16.0.0 subnet from the DHCP server on LAN.
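
The following sketch is an added example, not taken from the book or from pfSense itself. It is a simplified model of top-down, first-match rule evaluation on the OPT1 tab, showing which packets the DHCP rule above matches and why its position in the list matters. The block-all rule, the client address 172.16.0.50, and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    descr: str
    proto: Optional[str] = None  # None means "any"
    src: Optional[str] = None
    sport: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        fields = (("proto", p.proto), ("src", p.src), ("sport", p.sport),
                  ("dst", p.dst), ("dport", p.dport))
        return all(getattr(self, name) in (None, value) for name, value in fields)


def evaluate(rules, pkt):
    """Return (action, description) of the first matching rule, else default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.descr
    return "block", "default deny"


# The rule built in the text: UDP 0.0.0.0:68 -> 255.255.255.255:67.
ALLOW_DHCP = Rule("pass", "Allow DHCP traffic", "udp", "0.0.0.0", 68, "255.255.255.255", 67)
# Constructed rule, standing in for any broader rule that might sit on the tab.
BLOCK_ALL = Rule("block", "Block everything (constructed)")

# Constructed packets: an initial broadcast request, and a unicast request
# from an already-leased address (172.16.0.50 is an assumed client).
DISCOVER = Packet("udp", "0.0.0.0", 68, "255.255.255.255", 67)
UNICAST_RENEW = Packet("udp", "172.16.0.50", 68, "172.16.1.1", 67)

if __name__ == "__main__":
    print(evaluate([ALLOW_DHCP, BLOCK_ALL], DISCOVER))   # rule at top of list
    print(evaluate([BLOCK_ALL, ALLOW_DHCP], DISCOVER))   # rule below a block
    print(evaluate([ALLOW_DHCP], UNICAST_RENEW))         # outside the rule's scope
```

In this model the rule admits only the initial broadcast exchange; any other traffic from OPT1 clients needs its own rule.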
