pf/carp for redundant production use

Yep, the same behavior when the master dies. The solution that the person in #pf told me is use routing but I don't know how to implement. He told me that it's an issue in pf's NAT.




Hi everyone,

Just chat with someone in #pf and found out that pf at the moment cannot maintain state on TCP connections from internal machine to external machine when network cable on master firewall's external interface is removed.

Anyways, most connections are coming from outside to inside and that is working well. :)

Is the same true when the master dies ??

