[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf/carp for redundant production use

Neil wrote:
Hi everyone,
Just chat with someone in #pf and found out that pf at the moment cannot maintain state on TCP connections from internal machine to external machine when network cable on master firewall's external interface is removed.
Anyways, most connections are coming from outside to inside and that is working well. :)

This person is talking about state being kept on the backup firewall (which gets promoted to master when the master's cable is unplugged)? If so, that doesn't make any sense whatsoever.