Marco Fretz wrote:
Bridges are layer 2, carp is layer 3 (it shares IP addresses). So carp can not handle this by its nature I think. Just place the both bridgesin your LAN and you have your fail-over solution.
Packet Filter still does stateful inspection, even in bridging mode, AFAIK. So both firewall hosts should be connected via pfsync on a dedicated interface using a cross-over cable. No need to assign an IP address, i.e. the firewall bridge is still transparent. Regards Harri
