Rachel Roch [rr...@tutanota.de] wrote:
> Hi,
> Both the man page and FAQ (https://www.openbsd.org/faq/pf/carp.html) 
> <https://www.openbsd.org/faq/pf/carp.html> talk about "physical interface" in 
> relation to the syncdev parameter.
> Does this mean Bad Things (TM) will happen if I try to use a dedicated vlan 
> interface for pfsync ?

It's as secure as your ethernet network is. There is no privacy or
authentication with pfsync. I don't think that using a vlan is 
considered a big problem these days. I'm absolutely amazed at the
volume of data that pfsync generates. Since so many boxes come with extra
ports, using a vlan may be more complicated than directly connecting
the boxes together (unless you have more than two machines)

Reply via email to