So why is this different to what I put?

#These three lines allow the failover mechanisms to work
pass on { $int_if } proto carp keep state
pass on { $adsl_if } proto carp keep state
pass quick on { $pfsync_if} proto pfsync

The only difference I can see, is that your lines would allow CARP on the pfsync (and loopback) interface.

GTG

>>> Dag Richards <[EMAIL PROTECTED]> 07/19/07 4:55 PM >>>
I think you will find that since carp is communicated with multicast that your rules are not behaving as you think. They are allowing the outbound transmissions, but since you are not establishing tcp sessions the keep state does not do what you want. Try explicitly allowing in protocol carp.

What I do is this:

pass out quick proto carp
pass in quick proto carp