The bridging firewall can be deployed to enhance the security of a network, particularly a perimeter network with a block of addresses where a router may not be appropriate. The bridging aspect offers a stealthy solution with the ability to partition the perimeter network into a number of separately protected zones.
The bridge is an additional layer of security that can easily be inserted in place of a switch or hub. The article focusses on a firewall that sits between the service provider’s equipment and three protected networks.
The design and configuration of a bridging firewall are described, using a FreeBSD server with several network interfaces. The example network is a /29 subnet feeding a wireless LAN, a wired LAN, and a small server farm.