pfsync and pf.conf
Is pfsync meant to sync the output of "pfctl -s rules" between the devices (aka the rules you define in /etc/pf.conf)? Or just the state table (pfctl -s states)?

My states are being synced alright but not the rules. On the "main" firewall I have a bunch of rules in pf.conf and I started with an empty pf.conf on the "backup" firewall, but since that is rather restrictive by default, my only rule on the backup firewall is:

FILTER RULES:
pass on em0 proto pfsync all keep state

It seems like you'd want the rules synced too... so I feel like I'm missing something as I set off to sync /etc/pf.conf via rsync, ssh keys, and cron.

Feel free to ask for any config, but I have been following the "Combining CARP and pfsync For Failover" part of the PF FAQ (which I can't link to because I only have 2 posts) pretty strictly, and pfsync in general seems like very little config. And since my state tables are syncing alright I figure it is probably mostly working. I just don't know if the rules should be syncing too...

(when openbsd.org is up) Looking up the manpage for pfsync says "no man page for pfsync found" -- documentation seems a little lacking on pfsync.
http://www.openbsd.org/cgi-bin/man.c...86&format=html
openbsd.org != www.openbsd.org

In short: pfsync is only for synchronizing states. If you want to ensure your pf.conf is synchronized, you should employ some other solution, as pfsync won't work.
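
One shape the "other solution" for the ruleset could take, as an added example that is not part of the original thread: copy pf.conf over SSH and load it on the backup only after it parses cleanly on both machines. The target name fw-backup, the staging path /etc/pf.conf.new, and a key-based login allowed to run pfctl on the backup are assumptions.

```shell
#!/bin/sh
# Added example: push the ruleset to the backup firewall, since pfsync
# carries only states. Commands are variables so they can be overridden.
PFCTL=${PFCTL:-pfctl}
SCP=${SCP:-scp}
SSH=${SSH:-ssh}

# sync_pf_conf <local ruleset> <ssh target, e.g. root@fw-backup (hypothetical)>
# Returns 0 on success, 1 if the ruleset fails to parse locally,
# 2 if the copy fails, 3 if the backup rejects or cannot load it.
sync_pf_conf() {
    conf=$1 target=$2
    staged=/etc/pf.conf.new    # assumed staging path on the backup

    # -n parses the ruleset without loading it, so a typo stops here
    "$PFCTL" -nf "$conf" || return 1

    # Copy to a staging file so the live pf.conf is never half-written
    "$SCP" -q "$conf" "$target:$staged" || return 2

    # Re-check on the backup (its interfaces and addresses may differ),
    # then move the file into place and load it
    "$SSH" "$target" \
        "pfctl -nf $staged && mv $staged /etc/pf.conf && pfctl -f /etc/pf.conf" \
        || return 3
}

# Run from cron as: sh sync-pf.sh /etc/pf.conf root@fw-backup
if [ "$#" -eq 2 ]; then
    sync_pf_conf "$1" "$2"
fi
```

A non-zero exit from cron leaves the backup on its previous ruleset, because the staged file replaces /etc/pf.conf only after it parses there.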