Docker – How to VM and Docker bridge traffic be routed through a pfSense VM

I think this question is a result of me not being able to wrap my head around Docker networking and not being super great at Slackware. It seems like there should be a simple solution; I'm just totally missing it.

I have an UnRAID server (which is built on top of Slackware), and on this server I have some Dockers running as well as a few VMs running via KVM. I have pfSense in one of those VMs, and I would like to route traffic from Docker and other VMs through pfSense.

When creating a VM, UnRAID gives three options by default for choosing a network bridge:

• br0 – allows a VM to exist as its own entity on the network, with direct access to the LAN and an IP assigned from the router
• vibr0 – a virtual bridge managed by the host which keeps the VM isolated from the LAN
• docker0 – Docker's bridge

I figured out that I could add all three of these interfaces to pfSense: assign br0 as the WAN interface, vibr0 and docker0 as LAN interfaces. What I'm stuck on now is how I make the traffic from the two LAN interfaces through the firewall to the WAN. How can I do this?

I have tried a few completely ineffective things, such as setting the IP of the docker0 interface in pfSense to 192.168.2.1 and setting the default gateway in the docker0 bridge configuration to 192.168.2.1, but that doesn't seem to have changed anything. What fundamental aspect am I missing here?

To summarize, I would like to route traffic from the Docker containers and from the other VMs to what pfSense considers to be the the LAN ports; from there it will be routed to my actual LAN through what pfSense considers to be the WAN port. Or: how do I disconnect the vibr0 and docker0 from the host's eth0 interface?