8th October 2010
tenderoni
pfsync and pf.conf

Is pfsync meant to sync the output of "pfctl -s rules" between the devices (aka the rules you define in /etc/pf.conf)? Or just the state table (pfctl -s states)?

My states are being synced alright, but not the rules. On the "main" firewall I have a bunch of rules in pf.conf, and I started with an empty pf.conf on the "backup" firewall, but since that is rather restrictive by default, my only rule on the backup firewall is:

FILTER RULES:
pass on em0 proto pfsync all keep state

It seems like you'd want the rules synced too... so I feel like I'm missing something as I set off to sync /etc/pf.conf via rsync, ssh keys, and cron.

Feel free to ask for any config, but I have been following the "Combining CARP and pfsync For Failover" part of the PF FAQ (which I can't link to because I only have 2 posts) pretty strictly, and pfsync in general seems like very little config. And since my state tables are syncing alright, I figure it is probably mostly working.

I just don't know if the rules should be syncing too...

(when openbsd.org is up) Looking up the manpage for pfsync says "no man page for pfsync found" -- documentation seems a little lacking on pfsync.