top | item 36615504

(no title)

What is pfsync and why do I care?

discuss

> pfsync is a computer protocol used to synchronise firewall states between machines running Packet Filter (PF) for high availability. It is used along with CARP to make sure a backup firewall has the same information as the main firewall. When the main machine in the firewall cluster dies, the backup machine is able to accept current connections without loss.

https://en.wikipedia.org/wiki/Pfsync

Looks pretty cool. Had no idea this existed, but glad to hear about it.

chasil|2 years ago

I am not sure if the latest edition covers pfsync and carp, but there is a book on this subject, "The Book of PF" by Peter N. M. Hansteen.

https://nostarch.com/pf3

OpenBSD's PF firewall has been adopted by Solaris, and I believe it is an option in FreeBSD and Linux.

https://en.wikipedia.org/wiki/PF_(firewall)

woleium|2 years ago

not just die, it allows you to run scheduled updates without interrupting service. I can update our gateways during the day without folks complaining.

It's been a feature of pfsense for many years (the smart kids have moved onto opensense now though)

tremon|2 years ago

http://man.openbsd.org/pfsync has more details. This is interesting, I also didn't know of its existence. That said, I've never had to administer multiple failover firewalls so my interest is purely out of curiosity.

vgivanovic|2 years ago

Thank you.