Gordon Ross wrote:
So why is this different to what I put?
#These three lines allow the failover mechanisms to work
pass on { $int_if } proto carp keep state
pass on { $adsl_if } proto carp keep state
pass quick on { $pfsync_if} proto pfsync
The only difference I can see is that your lines would allow CARP on the
pfsync (and loopback) interface.
GTG
Dag Richards <[EMAIL PROTECTED]> 07/19/07 4:55 PM >>>
I think you will find that since carp is communicated with multicast
that your rules are not behaving as you think.
They are allowing the outbound transmissions, but since you are not
establishing TCP sessions the keep state does not do what you want.
Try explicitly allowing in protocol carp.
What I do is this:
pass out quick proto carp
pass in quick proto carp
The difference is you were paying attention.
I really thought I saw pass out not just pass on your lines.
When you do
tcpdump -n -e -ttt -i pflog0
with rules enabled, do you see inbound carp being blocked?