diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2007-05-14 23:56:48 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-05-14 23:56:48 +0000 |
commit | b42ad736116b14726c85af01a2a897f977c0418a (patch) | |
tree | 15409c34254f74ff3549041d8d7c5076ea150c3c | |
parent | 9b1b06b5d8f041e335baea4313175648c5c01a82 (diff) | |
download | pfsense-b42ad736116b14726c85af01a2a897f977c0418a.zip pfsense-b42ad736116b14726c85af01a2a897f977c0418a.tar.gz |
Use pfSync SYNCPEER directive if defined.
Ticket #1317
-rw-r--r-- | etc/inc/interfaces.inc | 12 | ||||
-rw-r--r-- | usr/local/pkg/carp_settings.xml | 8 |
2 files changed, 17 insertions, 3 deletions
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 2c0c86b..7739981 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -379,6 +379,7 @@ function interfaces_carp_configure() { $pfsyncenabled = $carp['pfsyncenabled']; $balanacing = $carp['balancing']; $pfsyncinterface = $carp['pfsyncinterface']; + $pfsyncpeerip = $carp['pfsyncpeerip']; } } else { unset($pfsyncinterface); @@ -402,10 +403,15 @@ function interfaces_carp_configure() { exec("/sbin/pfctl -f /tmp/rules.boot"); } /* setup pfsync interface */ - if($carp_sync_int and $pfsyncenabled) - mwexec("/sbin/ifconfig pfsync0 syncdev {$carp_sync_int} up"); - else + if($carp_sync_int and $pfsyncenabled) { + if($pfsyncpeerip) { + mwexec("/sbin/ifconfig pfsync0 syncdev {$carp_sync_int} syncpeer {$pfsyncpeerip} up"); + } else { + mwexec("/sbin/ifconfig pfsync0 syncdev {$carp_sync_int} up"); + } + } else { mwexec("/sbin/ifconfig pfsync0 syncdev lo0 up"); + } $fd = fopen("/tmp/carp.sh", "w"); if($config['virtualip']['vip']) { $viparr = &$config['virtualip']['vip']; diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index 4970d4c..704fb91 100644 --- a/usr/local/pkg/carp_settings.xml +++ b/usr/local/pkg/carp_settings.xml @@ -69,6 +69,14 @@ </description> </field> <field> + <fielddescr>pfSync sync peer IP</fielddescr> + <fieldname>pfsyncpeerip</fieldname> + <type>input</type> + <description> + Setting this option will force pfSync to synchronize its stable tables to this IP address. The default is directed multicast. + </description> + </field> + <field> <fielddescr>Synchronize rules</fielddescr> <fieldname>synchronizerules</fieldname> <description>When this option is enabled, this system will automatically sync the firewalls rules over to the other carp when changes are made..</description> |