Date: Sat, 5 Mar 2005 21:00:18 -0800 From: Jon Simola <jsimola@gmail.com> To: freebsd-pf@freebsd.org Subject: Re: pfsync + pfflowd + flow-tools (ifconfig maxupd)? Message-ID: <8eea040805030521005347c44e@mail.gmail.com> In-Reply-To: <62956.81.30.200.207.1110031162.squirrel@81.30.200.207> References: <62956.81.30.200.207.1110031162.squirrel@81.30.200.207>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 5 Mar 2005 08:59:22 -0500 (EST), vsavichev@wesleyan.edu <vsavichev@wesleyan.edu> wrote: > does it mean i have to set syncif iface on FreeBSD if i want > to change maxupd parameter? After applying a patch, man ifconfig doesn't > show any trace of maxupd parameter presented (apart it is there ...). Once you've applied the CARP patch, you can set the maxupd for the pfsync interface, but you are correct that the man page makes no mention of that. I suspect it's merely an oversight, as the working code is more important than the minor documentation required. People playing with unofficially released code should be used to minimal docs and reading the source to find out what really goes on. > Does syncif post any additional workload on iface? Apart to change maxupd > i'm not really in a need to syncif for a moment. All the PF and CARP docs suggest a dedicated interface for pfsync, mostly due to security issues. The most common implementation I would assume is a pair of firewalls each with 3 interfaces (internal, external, and sync connected via a xover cable). -- Jon Simola Systems Administrator ABC Communications
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8eea040805030521005347c44e>