Hello Fellow Forum Members--
I am considering a pair of firewalls controlled by CARP for a little more availability in my Internet connection. I have found examples of this using PF and PFSYNC between the machines for even better switchover, when needed and have managed to synthesize a configuration that seems to work. But I am interested in possibly changing to IPFW instead of PF. Has anyone got experience with such a configuration? If so, can you forewarn me of gotchas I might run into? There does not appear to be a means to synchronize state in IPFW as there is using pfsync in PF. Am I missing something, or is it neither available or needed in such a configuration?
Any guidance, including "Just use PF", would be appreciated.
Thanks,
QuesoGrande
I am considering a pair of firewalls controlled by CARP for a little more availability in my Internet connection. I have found examples of this using PF and PFSYNC between the machines for even better switchover, when needed and have managed to synthesize a configuration that seems to work. But I am interested in possibly changing to IPFW instead of PF. Has anyone got experience with such a configuration? If so, can you forewarn me of gotchas I might run into? There does not appear to be a means to synchronize state in IPFW as there is using pfsync in PF. Am I missing something, or is it neither available or needed in such a configuration?
Any guidance, including "Just use PF", would be appreciated.
Thanks,
QuesoGrande
