Date: Fri, 26 May 2006 17:19:10 -0500
From: David DeSimone <fox@verio.net>
To: freebsd-net@freebsd.org
Subject: How to force full sync using pfsync?
Message-ID: <20060526221909.GA31000@verio.net>

I have a strange problem between two PF firewalls in a cluster, with pfsync enabled. When I reboot one of the cluster members, the state tables do synchronize and populate with some of the same connection states, but not all of them. In particular, long-lived, extant connections seem to never show up in the rebooted member's state table.

I figured that doing ifconfig down/up would send some sort of "full sync" message between the two members, to cause the entire state table to be sent in bulk. But, no such behavior seems to come about.

It seems to me that only connection updates are being sent between the cluster members. There is no "full sync" done at startup.

Do I misunderstand? Is there a misconfiguration that can lead to this strange behavior?

--
David DeSimone == Network Admin == fox@verio.net
"It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous."
  -- Robert Benchley