High availability / pfSync and automated rulesets not applied
« on: February 12, 2021, 11:03:22 am »
Hi,
I was working on a full automation of OPNsense firewalls to publish websites through HAProxy, setting up VIPs and of course firewall rules.
By the way, the API makes it much easier to work with!
I noticed that automated rules aren't synced to the slave node, even though rules are configured to sync.
A quick look into the config.xml was interesting:
Normal rules are created under the tag <filter> of course.
Automated rules get a new tag created <filter Version "1.0.0">
Also the no sync flag is not set on these rules, so basically they should be included in the sync process.
Is this a known issue, or is this even a planned functionality?
The current workaround would only be creating these rules using the API on both firewalls, which of course I don't want to do, as e.g. HAProxy rules get synced fine, and in some cases I am running firewalls in cold standby.
Then I would always need to wake up the second / third firewalls to sync the rules.
Thanks for your answer. Any workaround, or how we extend pfSync for this, would be appreciated.
Best regards
Merlin123