Project

General

Profile

Actions

Bug #11964

closed

pfBlocker XMLRPC sync CARP interface advskew

Added by Viktor Gurov over 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
pfBlockerNG
Target version:
-
Start date:
05/26/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

https://forum.netgate.com/topic/163709/dns-resolver-not-listening-on-lan-carp-vip-after-update-to-2-5-1/8:

Just wanted to let you know the problem was with the pfBlocker XMLRPC SYNC: it is also synching the SKEW value of the
pfBlocker interface to the 2nd node which it should not (should remain more than the primary or 100 as default). Every 
complete reload/sync the CARP VIP is updated with a value of 0 hence it crashes shortly after. I posted this also in the 
pfBlockerNG group for clarity.

advskew must be increased before sync to the secondary node:
https://github.com/pfsense/pfsense/blob/360ed1660d8c050f9e3c05b0ce1476362a0fc4b0/src/etc/rc.filter_synchronize#L61

Actions

Also available in: Atom PDF