pfsync
| pfsync | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Version: | 6 (OpenBSD 5.1) | ||||||||||||||
| Operation area: | Synchronization of states |
||||||||||||||
|
|||||||||||||||
pfsync - an abbreviation for p acket f ilter sync hronization (German: packet filters Synchronization) - is a network protocol to firewall -States between PF to synchronize firewalls.
use
It was developed by the developers of the PF firewall as part of the OpenBSD project. The synchronization is used in high-availability firewalls where a slave has to take over its tasks if the master fails. pfsync is therefore used in connection with Common Address Redundancy Protocol (CARP).
protocol
The protocol is binary and is based directly on the IP protocol. The pfsync messages are datagrams and are sent as an IP payload. The message includes a header , several sub-headers and data. These are transmitted via IPv4 or IPv6. The messages about changes in the state table can be sent as a broadcast or unicast packet.