Hi all,
I'm currently planning for a complete reorganization i.e. rewrite of a
historically grown pf.conf of about 300 rules. Up to now each and every rule
uses the "quick" keyword, which effectively turns the "last match" concept of
pf into a "first match" one. Does that make any sense?
Of course
Hi all,
thanks for all your input to my small question about how to keep the pf.conf
in sync!
I have to care for exactly one firewall cluster, so I would like to avoid
complex tools for this task. I will probably use rdist.
Have fun!
Regards
Christoph
Private Universität Witten/Herdecke gGmbH
Al
Hi all,
is there a standard or recommended way to keep the pf.conf on the CARP cluster
members in sync?
Thanks!
Regards
Christoph
--
Christoph Peus
Universität Witten/Herdecke
Bereich Informationstechnologie
Tel: +49 2302 926-212
Fax: +49 2302 926-44857
mailto:christoph.p...@uni-wh.de
Hi again,
just to "close" this case I'd like to mention that my problems with this setup
were caused by some faulty pf.conf rules, which had not been adapted to the
cluster config beforehand, i.e. it works now. :)
Regards
Christoph
>Physical NIC -> trunk interface -> vlan interface = physic
Henning, thanks for your quick reply.
>> Which disadvantages could this mode of operation have compared to the
>> classic mode with IPs assigned?
>
>the backup node might not be able to reach the network on the carp if
Hmm... what does this mean to me..? To make it more precise - my setup looks
Hi all,
in the official CARP/pfsync faq here: http://www.openbsd.org/faq/pf/carp.html
I found information that suggests that it's possible to use CARP without
IPs attached to the physical interfaces used in a CARP group:
ipaddress
This is the shared IP address assigned to the redundancy group