On 2008-11-12, Vivek Ayer <[EMAIL PROTECTED]> wrote:
> i don't think I understand. Clarify. you mean carpdev is like your
> physical interface..eth0, re0, etc.?
yes
> On Wed, Nov 12, 2008 at 12:40 AM, Marco Pfatschbacher <[EMAIL PROTECTED]>
> wrote:
>> On Tue, Nov 11, 2008 at 03:53:54PM -0800, Vivek Ayer wrote:
>> [...]
>>> # macros
>> [...]
>>> carpdevs = "{ carp0 , carp1 }"
>> [...]
>>> # pass rules
>> [...]
>>> pass in on $carpdevs inet proto tcp from any to ($ext_if) \
>>> port $tcp_services flags S/SA keep state # Allow SSH Access from Outside
>>
>>
>> just from a quick glance:
>> pf(4) never filters on carp interfaces, but on carp's physical
>> interface (aka carpdev).
