Hi all, thanks for your replies and your help. I did try yesterday and today on some test boxes and it looks working pretty well between a very old version (3.9) and the most recent one (5.0). I just had for few minutes problems with states (increasing up to 10k until I flushed them, but it could be a problem with my pf.conf due to the big differences between the two versions of pf). My setup is not that complex and so the pf rules (approx 300 rows); I think I'll run the upgrade in the production env creating a simple pf.conf on purpose that doesn't use states. Thanks again for your support and the great work (you definitely didn't screw it up :) ) Alessandro
On Thu, Dec 8, 2011 at 6:01 PM, Henning Brauer <lists-open...@bsws.de>wrote: > * rik <rikc...@gmail.com> [2011-12-06 21:40]: > > is it possibile to have a dual firewall setup with carp using > (temporarly) > > 2 different versions of OpenBSD? I've to setup some new firewalls and > > upgrade old one and I'd like to keep redudancy while upgrading but during > > the process some firewalls will run the 5.0, some still the old version. > > in general that works as long as all of these are true: > 1) the two are just one release apart, all bets off if more > 2) the upgradeXX.html doesn't mention an incompatibility > 3) we didn't screw up > > that is the pfsync centric view. carp's on-the-wire format hasn't > changed in ages. > > -- > Henning Brauer, h...@bsws.de, henn...@openbsd.org > BS Web Services, http://bsws.de, Full-Service ISP > Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully > Managed > Henning Brauer Consulting, http://henningbrauer.com/
