DaemonForums  

OpenBSD Security Functionally paranoid!

8th October 2010
tenderoni
pfsync and pf.conf

Is pfsync meant to sync the output of "pfctl -s rules" between the devices (aka the rules you define in /etc/pf.conf)? Or just the state table (pfctl -s states)?

My states are being synced alright, but not the rules. On the "main" firewall I have a bunch of rules in pf.conf, and I started with an empty pf.conf on the "backup" firewall, but since that is rather restrictive by default, my only rule on the backup firewall is:

FILTER RULES:
pass on em0 proto pfsync all keep state

It seems like you'd want the rules synced too... so I feel like I'm missing something as I set off to sync /etc/pf.conf via rsync, ssh keys, and cron.

Feel free to ask for any config, but I have been following the "Combining CARP and pfsync For Failover" part of the PF FAQ (which I can't link to because I only have 2 posts) pretty strictly, and pfsync in general seems like very little config. And since my state tables are syncing alright, I figure it is probably mostly working.

I just don't know if the rules should be syncing too...

(when openbsd.org is up) Looking up the manpage for pfsync says "no man page for pfsync found" -- documentation seems a little lacking on pfsync.
8th October 2010
rocket357

http://www.openbsd.org/cgi-bin/man.c...86&format=html

openbsd.org != www.openbsd.org

In short: pfsync is only for synchronizing states. If you want to ensure your pf.conf is synchronized, you should employ some other solution, as pfsync won't work.
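One way to handle the rule file separately, along the rsync/ssh/cron lines the thread mentions, is sketched below as an added example (not code from either poster or from the OpenBSD project). It pulls the primary's pf.conf to a staging file and only loads it on the backup after `pfctl -n` has parsed it cleanly; the host `fw-primary`, the account `pfsyncer` (assumed able to read the file) and the `.prev`/`.new` suffixes are hypothetical.

```shell
#!/bin/sh
# Added example: copy pf.conf from the primary, validate it, then load it.
# Hypothetical names: fw-primary, pfsyncer, the .prev/.new suffixes.
PFCTL=${PFCTL:-pfctl}                      # overridable for off-box testing
PRIMARY=${PRIMARY:-pfsyncer@fw-primary}
LIVE=${LIVE:-/etc/pf.conf}

# apply_ruleset CANDIDATE LIVE
# returns 0 = new rules loaded, 1 = unchanged, 2 = rejected (live file kept)
apply_ruleset() {
    cand=$1 live=$2
    [ -s "$cand" ] || return 2                   # empty or missing transfer
    cmp -s "$cand" "$live" && return 1           # identical, nothing to do
    # -n parses the file without loading it; a syntax error stops here
    "$PFCTL" -n -f "$cand" >/dev/null 2>&1 || return 2
    cp -p "$live" "$live.prev" || return 2       # keep one rollback copy
    # write beside the live file, then rename so readers never see a partial file
    cp "$cand" "$live.new" && chmod 600 "$live.new" &&
        mv "$live.new" "$live" || return 2
    # load; if the load itself fails, restore and reload the previous rules
    "$PFCTL" -f "$live" || {
        cp -p "$live.prev" "$live"; "$PFCTL" -f "$live"; return 2
    }
    return 0
}

sync_from_primary() {
    tmp=$(mktemp /tmp/pf.conf.XXXXXX) || return 2
    rsync -q -e ssh "$PRIMARY:/etc/pf.conf" "$tmp" || { rm -f "$tmp"; return 2; }
    apply_ruleset "$tmp" "$LIVE"; rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 2 ] && logger -p daemon.err "pf.conf from $PRIMARY rejected"
    return "$rc"
}

# cron entry point: only acts when called as "script --run"
if [ "${1:-}" = "--run" ]; then sync_from_primary; fi
```

A rejected file leaves the backup's running ruleset and /etc/pf.conf as they were, so a bad edit on the primary does not propagate to the standby.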