On 5/16/07, Tom Judge <[EMAIL PROTECTED]> wrote:
em0 and bge0
em2 and bce0
em3 and bce1
Do all the interface names have to match on the HA pair?
Yes they do - but that is only if you use an if-bound state-policy,
which isn't default.
Keep in mind also that states also have a direction associated with
them. Take this for example from my firewalls:
# pfctl -ss | grep 66.165.31.204
all tcp 66.165.31.204:22 <- 71.227.220.29:1854 ESTABLISHED:ESTABLISHED
all tcp 71.227.220.29:1854 -> 66.165.31.204:22 ESTABLISHED:ESTABLISHED
You should read Daniel Hartmeier's (PF developer) 3-part article on
Undeadly. Maybe it will clear things up for you.
http://www.undeadly.org/cgi?action=article&sid=20060927091645
Kian
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
