I understand (from pf.conf(5)) what no-sync is supposed to do; however, the only example I've seen of it in use is in the pfsync and carp examples in pfsync(4).
I was wondering if anyone had some advice on some specific examples of when the use of no-sync is appropriate, specifically in a two-node firewall cluster that uses pfsync.

Assume that there are DMZ and internal network segments, some of which are routable and some of which are NAT'd private space. Further assume that some services are hosted from the firewall nodes themselves.

I understand that most pf rules under these circumstances would *not* use no-sync, but it's not clear if there's anything other than pfsync/carp that should/might.

Thanks in advance.

Devin