Uploaded image for project: 'TrueNAS'
  1. TrueNAS
  2. NAS-105472

invesigate pf.conf.block usefulness

    XMLWordPrintable

Details

    • Improvement
    • Status: Done (View Workflow)
    • Low
    • Resolution: Complete
    • TrueNAS 11.3-U2
    • None
    • HA

    Description

      TrueNAS HA systems implement a global lock on all CARP interfaces until the system is fully booted. This means no traffic will work on the VIP until the system is "ready".

      Since pf.conf.block is configured to only block on the VIP addresses and is only enabled on the passive storage controller, nothing is really being blocked because the VIP mac address will only exist on a single switchport for the active controller.

      I need to investigate if this code is still useful.

      Attachments

        Attachments

          JEditor

            Activity

              People

                caleb Caleb St. John
                caleb Caleb St. John
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: