Date: Wed, 16 May 2007 17:06:56 -0700
From: "Kian Mohageri" <kian.mohageri@gmail.com>
To: "Tom Judge" <tom@tomjudge.com>
Cc: David DeSimone <fox@verio.net>, freebsd-pf@freebsd.org
Subject: Re: Packet Path Through PF (onec for each interface?)
Message-ID: <fee88ee40705161706u553a576csf400418b88f7535f@mail.gmail.com>
In-Reply-To: <464B7E3D.1030507@tomjudge.com>
References: <464B487C.1050301@tomjudge.com> <20070516195948.GA22335@verio.net>
 <464B6A29.2020107@tomjudge.com> <20070516213836.GB22335@verio.net>
 <464B7E3D.1030507@tomjudge.com>

On 5/16/07, Tom Judge <tom@tomjudge.com> wrote:
> em0 and bge0
> em2 and bce0
> em3 and bce1
>
> Do all the interface names have to match on the HA pair?

Yes they do - but that is only if you use an if-bound state-policy, which
isn't default.

Keep in mind also that states also have a direction associated with them.
Take this for example from my firewalls:

# pfctl -ss | grep 66.165.31.204
all tcp 66.165.31.204:22 <- 71.227.220.29:1854       ESTABLISHED:ESTABLISHED
all tcp 71.227.220.29:1854 -> 66.165.31.204:22       ESTABLISHED:ESTABLISHED

You should read Daniel Hartmeier's (PF developer) 3-part article on
Undeadly. Maybe it will clear things up for you.

http://www.undeadly.org/cgi?action=article&sid=20060927091645

Kian
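
Added example, not part of the message above and not PF's own code: a Python script that parses `pfctl -ss` lines into interface, direction and endpoints, then lists the if-bound states whose interface name does not exist on the HA peer. The sample state lines are constructed (documentation addresses), and the peer interface names bge0/bce0/bce1 are assumed from the quoted question.

```python
import re

# Constructed sample in `pfctl -ss` layout: IFACE PROTO ADDR DIR ADDR STATE.
# "all" marks a floating state; a real interface name marks an if-bound one.
SAMPLE = """\
all tcp 192.0.2.10:22 <- 198.51.100.7:1854       ESTABLISHED:ESTABLISHED
all tcp 198.51.100.7:1854 -> 192.0.2.10:22       ESTABLISHED:ESTABLISHED
em0 tcp 192.0.2.10:443 <- 198.51.100.9:40112       ESTABLISHED:ESTABLISHED
em2 udp 192.0.2.53:53 <- 198.51.100.9:5353       MULTIPLE:SINGLE
"""

# Matches plain two-address entries only; NAT-translated entries that
# carry a third address do not match and are skipped.
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<left>\S+)\s+"
    r"(?P<dir><-|->)\s+(?P<right>\S+)\s+(?P<state>\S+)$"
)

def parse_states(text):
    """Return one dict per parseable state line; skip anything else."""
    states = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            s = m.groupdict()
            # "<-" is an inbound state, "->" an outbound one.
            s["direction"] = "in" if s.pop("dir") == "<-" else "out"
            s["bound"] = s["iface"] != "all"
            states.append(s)
    return states

def unmatched_on_peer(states, peer_ifaces):
    """If-bound states whose interface name does not exist on the HA peer."""
    peers = set(peer_ifaces)
    return [s for s in states if s["bound"] and s["iface"] not in peers]

if __name__ == "__main__":
    # Peer interface names assumed from the quoted question.
    peer = ["bge0", "bce0", "bce1"]
    for s in unmatched_on_peer(parse_states(SAMPLE), peer):
        print(f"{s['iface']} {s['proto']} {s['left']} "
              f"{s['direction']} {s['right']} {s['state']}")
```

Floating states (interface `all`) are never reported, which matches the point that the names only have to agree under an if-bound state-policy.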