# urpf-failed and carp



## bilibou (Sep 12, 2009)

This is my first post so hello everyone ;-)

I've just set up a failover firewall with carp, everything is working well but I'm wondering if this rule in pf made to prevent address spoofing:

```
block in log quick from urpf-failed
```
is working properly with carp.

Thanks for your help


----------



## honk (Sep 13, 2009)

Why do you think that this doesn't work properly? Give it a try and test it.

cheers,
honk


----------



## brd@ (Sep 13, 2009)

Also, with the log statement you can just look at the pflog and see what it shows. CARP is rather noisy on the network since it has to keep talking to the other machine to make sure they are alive.

```
tcpdump -i pflog0 -nn
```


----------



## bilibou (Sep 14, 2009)

I thought that it couldn't work because the routing of packets is unusual when carp is on. And also I've seen in the TODO list of OpenBSD 4.0 that they had to write some code to make sure that urpf works well with carp.

I'll give it a try and watch the logs but for now I have no access to the two gateways in carp. I'll let you know when I've tested it.

Cheers


----------



## bilibou (Sep 15, 2009)

Apparently it works


----------
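One way to carry out the pflog check suggested in the thread, as an added example that is not from any poster: it summarizes pflog entries where a block rule dropped inbound CARP advertisements (destination 224.0.0.18). The function names are hypothetical, the sample lines are constructed, and the `tcpdump -n -e` line layout they follow is an assumption.

```shell
#!/bin/sh
# Added example: find CARP advertisements that a pf block rule dropped.
# Expected input is text from: tcpdump -n -e -ttt -r /var/log/pflog
# The line layout parsed here is an assumption about that output.

# Constructed sample data (documentation addresses, not from a real capture).
sample_pflog() {
cat <<'EOF'
00:00:00.000000 rule 0/0(match): block in on em0: 192.0.2.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
00:00:01.002113 rule 0/0(match): block in on em0: 192.0.2.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
00:00:00.412907 rule 0/0(match): block in on em1: 10.9.9.9.4431 > 198.51.100.7.80: Flags [S], seq 1, win 65535, length 0
00:00:00.100000 rule 4/0(match): pass in on em0: 192.0.2.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 2, prio 0, authtype none, intvl 1s, length 36
EOF
}

# Print "rule interface source count" for each blocked inbound packet
# addressed to the CARP multicast group 224.0.0.18.
carp_blocks() {
    awk '
    {
        # Locate the "rule" token; fields after it are positional.
        r = 0
        for (i = 1; i <= NF; i++) if ($i == "rule") { r = i; break }
        if (r == 0 || NF < r + 8) next
        if ($(r+2) != "block" || $(r+3) != "in") next
        dst = $(r+8); sub(/:$/, "", dst)
        if (dst != "224.0.0.18") next
        split($(r+1), rn, "/")          # "0/0(match):" -> rule number 0
        ifc = $(r+5); sub(/:$/, "", ifc)
        n[rn[1] " " ifc " " $(r+6)]++
    }
    END { for (k in n) print k, n[k] }' | sort
}

# Succeed only when no CARP advertisement was blocked.
carp_ok() { [ -z "$(carp_blocks)" ]; }

sample_pflog | carp_blocks
```

The rule number in the first column can be matched against the `@N` numbers shown by `pfctl -vvsr` to see whether the `urpf-failed` rule is the one dropping the advertisements.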

