Yeah, I saw that post about DNSBL. Sucks because that's a big part of what I'm looking for with this. Trying to figure out pfblocker on CARP....
I've used this extensively on single installs but not via CARP. Are there any considerations I should take into account? I was told by pfSense support when I first installed that firewalls should mirror (i.e., have pfblocker installed on both, etc.).
Am I OK to configure FW1 on 10.0.10.1 with whatever pfblocker stuff I want, then simply sync to 10.0.10.2 (FW2)? I don't have to worry about the CARP interface or sync issues between this package and that, right (let's say the CARP interface is on 10.0.10.250)?
You can use CARP/HA in pfSense without issue. The package has an XMLRPC sync tab that allows for the configuration of the package to be sync'd to other boxes... But with the current DNSBL code, this will cause issues with the DNSBL VIP, as both pfSense boxes will have the same DNSBL VIP address.
I had one user several months ago ask if this could be addressed and I did create a patch to get this addressed... If you are able to test it out, shoot me a PM if that works for you...
Unfortunately I cannot test on that (it's prod). If I get to it, I'll try to set either my home up with CARP (was thinking about doing it in the future between Proxmox and physical anyway) or at least two pfSense VMs in my homelab.
I will let you know as I'd like to test it and help out. I've used pfblocker for so long it's the least I can do.