then, what about this:

pass on $carpdev proto carp keep state

Looks like it's filtering on the $carpdev, which is carp0 and carp1 in this case. It's just what I read in the pf book. I'd like to resolve this soon so I can go ahead and launch my website. I feel like there's a lot of carp in the pf files. I need to lean it down a little. That might be causing all these problems.

Help appreciated,
Vivek

On Wed, Nov 12, 2008 at 2:19 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> On 2008-11-12, Vivek Ayer <[EMAIL PROTECTED]> wrote:
>> i don't think I understand. Clarify. you mean carpdev is like your
>> physical interface..eth0, re0, etc.?
>
> yes
>
>
>> On Wed, Nov 12, 2008 at 12:40 AM, Marco Pfatschbacher <[EMAIL PROTECTED]>
>> wrote:
>>> On Tue, Nov 11, 2008 at 03:53:54PM -0800, Vivek Ayer wrote:
>>> [...]
>>>> # macros
>>> [...]
>>>> carpdevs = "{ carp0 , carp1 }"
>>> [...]
>>>> # pass rules
>>> [...]
>>>> pass in on $carpdevs inet proto tcp from any to ($ext_if) \
>>>> port $tcp_services flags S/SA keep state # Allow SSH Access from Outside
>>>
>>>
>>> just from a quick glance:
>>> pf(4) never filters on carp interfaces, but on carp's physical
>>> interface (aka carpdev).
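
The point made in the quoted reply (pf filters on carp's physical interface, not on carpN), as an added example that is not part of the thread: a Python check that expands pf.conf macros and reports rules whose `on` clause resolves to a carp interface. The sample ruleset is constructed from the quoted rules; `re0` and the port list are assumed values.

```python
import re

# Constructed sample based on the rules quoted in the thread.
# Assumptions: re0 as the physical NIC, port 22 in $tcp_services.
SAMPLE = r'''
ext_if = "re0"
carpdevs = "{ carp0 , carp1 }"
tcp_services = "{ 22 }"
pass in on $carpdevs inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state # Allow SSH Access from Outside
pass on $ext_if proto carp keep state
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"?([^"]*)"?\s*$')
ON_CLAUSE = re.compile(r'\bon\s+(\{[^}]*\}|\S+)')
CARP_IF = re.compile(r'^carp\d+$')

def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blanks."""
    for raw in re.sub(r'\\\n', ' ', text).splitlines():
        line = raw.split('#', 1)[0].strip()
        if line:
            yield line

def interfaces(clause, macros):
    """Expand $macros (bounded, so a self-reference cannot loop) into names."""
    for _ in range(10):
        expanded = re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), ''), clause)
        if expanded == clause:
            break
        clause = expanded
    return [tok for tok in re.split(r'[\s,{}]+', clause) if tok]

def carp_bound_rules(text):
    """Return (rule, [carpN, ...]) for each rule whose `on` names a carp interface."""
    macros, findings = {}, []
    for line in logical_lines(text):
        macro = MACRO.match(line)
        if macro:
            macros[macro.group(1)] = macro.group(2).strip()
        elif re.match(r'(pass|block)\b', line):
            on = ON_CLAUSE.search(line)
            hits = [i for i in interfaces(on.group(1), macros)
                    if CARP_IF.match(i)] if on else []
            if hits:
                findings.append((line, hits))
    return findings

if __name__ == "__main__":
    for rule, names in carp_bound_rules(SAMPLE):
        print("rule bound to", ", ".join(names), "->", rule)
```

On the sample, only the `pass in on $carpdevs` rule is reported; the rule bound to `$ext_if` is not.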