From: Jon Simola
To: freebsd-pf@freebsd.org
Date: Sat, 5 Mar 2005 21:00:18 -0800
Subject: Re: pfsync + pfflowd + flow-tools (ifconfig maxupd)?
Message-ID: <8eea040805030521005347c44e@mail.gmail.com>
In-Reply-To: <62956.81.30.200.207.1110031162.squirrel@81.30.200.207>
Reply-To: jon@abccomm.com
List-Id: Technical discussion and general questions about packet filter (pf)

On Sat, 5 Mar 2005 08:59:22 -0500 (EST), vsavichev@wesleyan.edu wrote:

> does it mean i have to set syncif iface on FreeBSD if i want
> to change maxupd parameter? After applying a patch, man ifconfig doesn't
> show any trace of maxupd parameter presented (apart it is there ...).

Once you've applied the CARP patch, you can set the maxupd for the pfsync interface, but you are correct that the man page makes no mention of that. I suspect it's merely an oversight, as the working code is more important than the minor documentation required. People playing with unofficially released code should be used to minimal docs and reading the source to find out what really goes on.

> Does syncif post any additional workload on iface? Apart to change maxupd
> i'm not really in a need to syncif for a moment.

All the PF and CARP docs suggest a dedicated interface for pfsync, mostly due to security issues. The most common implementation I would assume is a pair of firewalls each with 3 interfaces (internal, external, and sync connected via a xover cable).

--
Jon Simola
Systems Administrator
ABC Communications