On Fri, Feb 02, 2007 at 02:12:12PM -0800, Michael K. Smith - Adhost wrote: > self tcp 10.211.100.110:110 <- x.x.x.164:110 <- x.x.x.98:52857 > ESTABLISHED:ESTABLISHED > [526026435 + 65535] wscale 1 [2600240610 + 65665] wscale 0 > age 00:00:03, expires in 04:59:57, 3:2 pkts, 168:154 bytes, rule 9 > id: 45c3ac4500000080 creatorid: 70b9fa06
What is rule 9 on the master, precisely? # pfctl -gsr | grep -A 2 '@9 ' The state entry doesn't get associated with a corresponding rule on the backup (because the rulesets are not identical), but with the default rule instead. This means that aspects of the state entry might stop working on failover (like route-/reply-to or such), effectively breaking the connection. Daniel
