Stuart Henderson wrote:
There isn't too much point in using a bridge for this - there's no need for it, it's more complicated, makes ftp more difficult, makes it difficult to provide redundancy of the firewall if you decide you want it, makes problem diagnosis more difficult, and by plugging a machine into the wrong half of the network, you could accidentally expose a private service. These aren't really a problem with a more standard routed/NAT setup.
All right, I can understand the problems it might create, indeed.
There are some scenarios where filtering bridges are particularly useful. For example, you might have a small block of routed internet addresses that you don't want to (or can't) split into smaller subnets because you'd lose too many usable addresses. You might not have control over other machines/routers on the network and still want to include a PF firewall. But as I understand it, this doesn't apply to the setup you are asking about.
No, you're right. Well, thanks a lot for all the info, I would have learnt something today :)

Regards,
Antoine