* Gustavo Rios <[EMAIL PROTECTED]> [2006-08-07 04:46]: > I am playing with openbsd PF, and i read the text below: > (http://www.countersiege.com/doc/pfsync-carp/) > > "When writing the rest of the pf ruleset, it is important to keep in > mind that from pf's perspective, all traffic comes from the physical > interface, even if it is routed through the carp address. However, the > address is of course associated with the carp interface. Therefore, in > the interface context, such as "pass in on $extif ...", $extif would > be the physical interface, but in the context of "from $foo" or "to > $foo", the carp interface should be used, as it's being meant in the > address context." > > Why the carp "interface" cannot be used in context of the interface?
well, because it is that way. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
