I am playing with openbsd PF, and i read the text below: (http://www.countersiege.com/doc/pfsync-carp/)
"When writing the rest of the pf ruleset, it is important to keep in mind that from pf's perspective, all traffic comes from the physical interface, even if it is routed through the carp address. However, the address is of course associated with the carp interface. Therefore, in the interface context, such as "pass in on $extif ...", $extif would be the physical interface, but in the context of "from $foo" or "to $foo", the carp interface should be used, as it's being meant in the address context." Why the carp "interface" cannot be used in context of the interface? Thanks for your time and cooperation.
