Karl O. Pinc wrote: > I didn't notice _any_ reference to pfsync in the original > post. Perhaps this is part of the problem?
I originally wrote: > I have a pair of OpenBSD firewall/routers in a reasonably vanilla > pf + pfsync + CARP configuration... It sounds like using 'defer' may allow pf + pfsync to handle the issues resulting from asymmetric routing of packets, as long as the asymmetry is fully contained within the pfsync'd hosts. I apologize if I gave too much airtime to the pf + pfsync aspects of what I was trying to resolve, we largely worked around those by enabling carp preemption. --Kyle
