On Wed, Jun 02, 2010 at 09:47:36AM +0200, Henning Brauer wrote: > OpenBSD isn't as stupid and bad as cisco. > > I upgrade all my carped firewall pairs without downtime. > > yes, 4.6 and 4.7 require you to adopt your pf config. 4.5->4.6 is > trivial. 4.6->4.7 isn't black magic either but admittedly not trivial > any more. >
ack > also, due to pfsync changes, the failover isn't perfect (pfsync is out > of the equation), so you'll lose your sessions. given how often I lose > perfectly valid tcp sessions that just idle a bit when I am at foreign > networks (conferences, especially at universities, hotels, ...) users > must be used to that :) > well, hmmm, depends on the users and the networks. i think pf is used in other places than just in playgrounds, conferences, and hotels ;( reyk
