Firewall in bridge mode

As my initial step I have a very simple setup:

internet --> ISP modem (bridge mode) --> openWrt router

When reading the documentation on bridge mode, I saw this:

Firewall bridge mode support in OpenWrt is provided by the kmod-br-netfilter module.

Does that mean the standard firewall fw3 automatically incorporates this module? Or do I have to enable this module explicitly when I am working in bridge mode?

I am unclear why the firewall setup should be different for the openWrt when it does the WAN access directly, or when it has the ISP modem as intermediary. Can someone explain what the difference is?


That guide is targeted to a setup where the OpenWrt device is in bridge mode, or the modem is integrated into the OpenWrt device. In your case, since the modem is a separate device and is configured as a bridge, your router acts as a router, and the standard configuration for fw3 applies.

I guess you have a WAN interface, configured as PPPoE, DHCP, or similar, with a public IP address, and at least one LAN interface, with a static private IP address. Then, there is no bridge involved here, and how does your WAN reach the internet is irrelevant to OpenWrt.


Ah yes, that makes more sense. Thank you for the explanation.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.