pfsync

The OpenBSD PF firewall

pfsync, short for packet filter synchronization, is a network protocol for synchronizing firewall states between PF firewalls.

Use

It was developed by the developers of the PF firewall as part of the OpenBSD project. Synchronization is used in highly available firewalls, in which a slave must take over the master's duties when the master fails. pfsync is therefore used in conjunction with the Common Address Redundancy Protocol (CARP).

Protocol

The protocol is binary and sits directly on top of IP: pfsync messages are datagrams sent as IP payload. A message contains a header, several sub-headers and data. Messages are transmitted over IPv4 or IPv6. Messages about changes to the state table can be sent as broadcast or unicast packets.
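The header, sub-header and data structure described above can be walked with a short bounds-checked parser. This is an added example, not code from the original page or from the OpenBSD project. It assumes the field layout of OpenBSD's `if_pfsync.h` (protocol version 6) and IP protocol number 249, handles IPv4 only, and uses hypothetical function names and a constructed sample packet.

```python
import struct

# Assumed layout (OpenBSD if_pfsync.h, version 6); not stated on the page.
IPPROTO_PFSYNC = 249             # IP protocol number used by pfsync
HDR = struct.Struct("!BxH16s")   # version, pad, length in bytes, checksum field
SUBHDR = struct.Struct("!BBH")   # action, record length in 32-bit words, count


def parse_pfsync(ip_packet: bytes):
    """Return (version, [(action, record_bytes, count), ...]) for an IPv4
    packet carrying pfsync; raise ValueError if it is malformed."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip_packet[0] & 0x0F) * 4
    if ihl < 20 or len(ip_packet) < ihl + HDR.size:
        raise ValueError("truncated packet")
    if ip_packet[9] != IPPROTO_PFSYNC:
        raise ValueError("IP payload is not pfsync")
    payload = ip_packet[ihl:]
    version, length, _cksum = HDR.unpack_from(payload, 0)
    if length < HDR.size or length > len(payload):
        raise ValueError("pfsync length field disagrees with packet size")
    offset, subs = HDR.size, []
    while offset + SUBHDR.size <= length:
        action, words, count = SUBHDR.unpack_from(payload, offset)
        offset += SUBHDR.size
        body = words * 4 * count          # bytes of records after this sub-header
        if offset + body > length:
            raise ValueError("sub-header claims more data than the message holds")
        subs.append((action, words * 4, count))
        offset += body
    return version, subs


def build_sample() -> bytes:
    """Constructed sample (not captured traffic): one message, two sub-headers
    with arbitrary action numbers and zero-filled records."""
    body = SUBHDR.pack(1, 2, 3) + bytes(24) + SUBHDR.pack(4, 1, 1) + bytes(4)
    msg = HDR.pack(6, HDR.size + len(body), bytes(16)) + body
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(msg), 0, 0, 255,
                     IPPROTO_PFSYNC, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + msg


if __name__ == "__main__":
    print(parse_pfsync(build_sample()))
```

A monitor on the synchronization interface can use the `ValueError` cases to flag messages whose length fields do not match the packet.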
