PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015 | ||
---|---|---|
Prev | Next |
Pass CARP traffic on the appropriate interfaces
pass on $carpdevs proto carp keep state
Pass pfsync traffic on the appropriate interfaces
pass on $syncdev proto pfsync
Some traffic doesn't make sense to fail over
pass in on $int_if from $ssh_allowed to self keep state (no-sync)
PF sees the traffic on the physical interface