This was fixed right after b1. Upgrade to http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-1-29-06/
On 1/29/06, Randy B <[EMAIL PROTECTED]> wrote:
> If some of you will recall, quite some time ago I complained that I
> found that CARP was being transmitted on my untrusted interfaces between
> a couple of test boxes in a lab instead of on their synchronization
> interface; something that the rest of the list seemed to think a
> non-issue. It has arisen again, this time rather more disconcerting - I
> find that my single pfSense box fronting my home network is "leaking"
> carp messages out the external interface, regardless of the fact that
> I've turned off carp (1.0-BETA1).
>
> I don't like it - no matter what any one else's perception of what is
> exposed, it gives someone on my segment at least a layer-2 knob on my
> network that shouldn't exist. It's enough to make me want to put a box
> running ebtables outside of it just to filter out spurious stuff like
> this... Or, "worse" yet, just replace my pf box with the GNAP image
> I've been working on. I'm certainly up to customizing pfSense to
> eliminate this behavior, but without upstream support it's something I'd
> have to hunt down and change every time I updated.
>
> What has anyone else done? Am I alone in disliking this? I'm not a fan
> of "security by obscurity", but I do believe that good security is best
> bolstered by a healthy dose of paranoia and some slick, black,
> featureless walls. What do you guys think? Any differently than before?
>
> RB
