pfsync ignoring stale update

Mark Pagulayan m.pagulayan at
Sun Jun 15 22:28:14 UTC 2008

Hi Guys, 


I was just wondering if you could help me out with my problem on why
state count are different on my Active and Standby FW. The state count
on my Standby FW is much bigger than my Active FW.  When I did debug
mode on the standby FW(pfctl -mx loud) I noticed that there were message
saying "pfsync: ignoring stale update". Is this the one causing the
state table to unsynchronize? If this is it, any ideas on how to fix


Here is my setup 


Setup: PF is use as Layer 2 Firewall


---------------------               ---------------------

-                   -   pfsync   -                    -

- Active FW   - --------------- Standby FW -

-                   -               -                    -

---------------------               ---------------------


Failover happens with OSPF. 



Help would be greatly appreciated. 


Best Regards, 


Mark Pagulayan

University Of Auckland


More information about the freebsd-pf mailing list