On 04/04/11 15:29, Patrick Hemmen wrote:
> On 03.04.2011 at 17:30, Nick Holland wrote:
>
>> HOWEVER, if your users were doing something with the currently active
>> states, for example downloading a large file via http, the state that
>> permits the incoming file WOULD be sync'd to the standby system, and
>> that download would continue.
>
> The manpage of authpf says that authpf will remove state table entries after
> the ssh session is terminated (paragraph four of DESCRIPTION and paragraph two
> of CONFIGURATION ISSUES).
> This seems not to be true in a HA configuration with pfsync. Because authpf
> doesn't have the chance to remove the entries from the state table, if the
> master firewall failed. Is this right?

Yes, if authpf dies because the entire machine died, it certainly can't remove state (note: there are other failure modes where authpf COULD (but may or may not) shut down the state on the machine's way down).

I can't think of how that would be a problem. Why do you want to remove state when ssh is terminated? Because you want to control the access to/through the firewall...if someone terminates authpf, they might have a reason to, or may have lost control over that machine.

If the firewall fails, you know it (hopefully?) wasn't the authpf user's fault or intent. You can't say anything about the next state that might have come from the authpf'd IP address, but you can pretty well guess any current states are probably legit.

Other than an SSH which could be both magically balanced between two machines AND still resistant to man-in-middle and session stealing attacks, this is about as good a situation as you can get, I think.

Nick.