-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tom Uffner <[EMAIL PROTECTED]> wrote:
>
> on redundant CARP firewalls where it is not obvious how the shell can
> determine the shared MAC address of carpN and presumably only the the
> box with the fastest heartbeat should be proxying unless it goes d
If I deploy a pf firewall on a network where the attached routers or
hosts can not or will not route the appropriate traffic to the firewall,
then the firewall must direct that traffic to itself by either binding
the addresses of devices behind it or by publishing proxy-arp for them.
For various
