Rachel Roch [rr...@tutanota.de] wrote:
> Hi,
>
> Both the man page and FAQ (https://www.openbsd.org/faq/pf/carp.html)
> talk about "physical interface" in
> relation to the syncdev parameter.
>
> Does this mean Bad Things (TM) will happen if I try to use a dedicated vlan
> interface for pfsync?
>

It's as secure as your Ethernet network is. There is no privacy or authentication with pfsync. I don't think that using a vlan is considered a big problem these days. I'm absolutely amazed at the volume of data that pfsync generates. Since so many boxes come with extra ports, using a vlan may be more complicated than directly connecting the boxes together (unless you have more than two machines).