pfsync and pf.conf
Is pfsync meant to sync the output of "pfctl -s rules" between the devices (aka the rules you define in /etc/pf.conf)? Or just the state table (pfctl -s states).
My states are being synced alright but not the rules. On the "main" firewall I have a bunch of rules in pf.conf and I started with an empty pf.conf on the "backup" firewall but since that is rather restrictive by default, my only rule on the backup firewall is:
pass on em0 proto pfsync all keep state
It seems like you'd want the rules synced too... so I feel like I'm missing something as I set off to sync /etc/pf.conf via rsync, ssh keys, and cron.
Feel free to ask for any config but I have been following the "Combining CARP and pfsync For Failover" part of the PF FAQ I can't link to because I only have 2 posts pretty strictly and pfsync in general seems like very little config. And since my state tables are syncing alright I figure it is probably mostly working.
I just don't know if the rules should be syncing too...
(when openbsd.org is up) Looking up the manpage for pfsync says "no man page for pfsync found" -- documentation seems a little lacking on pfsync.
|Thread||Thread Starter||Forum||Replies||Last Post|
|Pf.conf||erict35||OpenBSD Security||1||30th January 2010 10:19 PM|
|pfsync+carp+wifi firewall redundancy inquiry||revzalot||OpenBSD Security||1||18th May 2009 03:06 PM|
|pf.conf||lumiwa||FreeBSD Security||11||20th September 2008 01:01 AM|
|make.conf||lumiwa||FreeBSD General||9||8th September 2008 12:15 AM|
|difference between rc.conf and loader.conf||disappearedng||FreeBSD General||5||3rd September 2008 05:54 AM|