pfsync + pfflowd + flow-tools (ifconfig maxupd)?

Jon Simola jsimola at gmail.com
Sun Mar 6 05:00:21 GMT 2005


On Sat, 5 Mar 2005 08:59:22 -0500 (EST), vsavichev at wesleyan.edu
<vsavichev at wesleyan.edu> wrote:
> Does it mean I have to set syncif iface on FreeBSD if I want
> to change the maxupd parameter? After applying a patch, man ifconfig doesn't
> show any trace of the maxupd parameter (apart from that, it is there ...).

Once you've applied the CARP patch, you can set the maxupd for the
pfsync interface, but you are correct that the man page makes no
mention of that. I suspect it's merely an oversight, as the working
code is more important than the minor documentation required. People
playing with unofficially released code should be used to minimal docs
and reading the source to find out what really goes on.

> Does syncif post any additional workload on iface? Apart from changing maxupd,
> I'm not really in need of syncif for the moment.

All the PF and CARP docs suggest a dedicated interface for pfsync,
mostly due to security issues. The most common implementation I would
assume is a pair of firewalls each with 3 interfaces (internal,
external, and sync connected via a xover cable).

-- 
Jon Simola
Systems Administrator
ABC Communications

