On 05/08/2006 11:21:47 AM, Daniel Hartmeier wrote:
On Mon, May 08, 2006 at 05:58:08PM +0300, Hisham Mardam Bey wrote:

> Can this be achieved using pfsync? If so, what do I need to do to get
> this working? If not, can pfsync be extended to allow for this or
> should we look into something different altogether?

This currently won't work. pfsync does only synchronize state table
entries, not rules. Since the firewalls can have different rules, no
attempt is made to associate a state entry with a particular rule of the
recipient's ruleset. Instead, such state entries are associated with
the default pass rule.

Couldn't he do this on his bridge, which is doing the load balancing
between the firewalls anyhow, by limiting the number of states on the
bridge?

Karl <[EMAIL PROTECTED]>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
