Hello all, thanks for this interesting debate about pf syncing. To remember my initial question:
pfsync seems to sync states but not correctly on my BGP+OSPF routers. Because each BGP router is master/standby to 2 neighbors (full meshed bgp) packets which are outgoing by one router can income by the other router, then if i want to use pf as a stateful firewall i must use pfsync to sync created states from router A to router B. If you tell me it's not possible, then i will use pf as a stateless firewall. -- Best regards, Loïc BLOT, UNIX systems, security and network expert http://www.unix-experience.fr Le jeudi 04 juillet 2013 à 13:17 -0500, Mark Felder a écrit : > My apologies for just being noise; I missed his first full post with > much more detail. I was picturing him trying to run redundant servers > without CARP and running into issues of states disappearing. [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
