No XMLRPC Sync flag not honored?
I have a 2-node CARP system, and have 3 'issues' with XMLRPC Sync.
Both with 1.2.3 snapshot from February 2009 and the latest (2009-07-18-1920) 1.2.3 snapshot.

- NAT Rules are still synced despite the 'No XMLRPC Sync' flag set.
  When I create a NAT rule on primary node with this flag set, it still gets synced to the secondary node.
- If you create a NAT rule with 'No XMLRPC Sync' flag and 'auto-create firewall rule' flag,
  the firewall rule is not configured with the 'No XMLRPC Sync' flag.
  Since this could be desired behaviour, perhaps an option could be added like 'No XMLRPC Sync for firewall rule'?
- When you create either NAT or Firewall rules on the secondary node, these are deleted as soon as you make a change on the primary node (if syncing of those rules is enabled in the CARP settings. It seems all rules are deleted on secondary, and filled again with all rules from primary?). This makes the creation of some rules impossible, e.g. redirection of ports on the WAN interface of a secondary. A bypass could be to honor the 'No XMLRPC Sync' flag on the secondary as well, and to KEEP rules with that flag set. However, then you still have to distinguish between rules created on the primary and secondary. Maybe a new flag ('No XMLRPC Delete' or something like that)?

I do find a 'bug' that had the same problem in 2006-03-02 (http://cvstrac.pfsense.com/tktview?tn=848),
but it is marked as closed… Created a new ticket:
http://cvstrac.pfsense.com/tktview?tn=1939
http://redmine.pfsense.org/issues/show/38

UPDATE:
Seems the nosync issue is a PHP internal issue, but it looks like I found a 'fix' for it.
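
A small model of the behaviour the post asks for, as an added example that is not part of the original post and not pfSense code: the primary leaves out rules flagged 'No XMLRPC Sync', the secondary keeps its own flagged rules across a sync, and a check lists flagged primary rules that reached the secondary anyway. The rule fields `descr`, `nosync` and `origin` and all sample rules are assumptions constructed for illustration.

```python
# Added illustration, not pfSense code. Field names (descr, nosync, origin)
# and the sample rules are assumptions made up for this example.

def rules_to_send(primary_rules):
    """Primary: skip every rule that carries the 'No XMLRPC Sync' flag."""
    return [r for r in primary_rules if not r.get("nosync")]

def apply_sync(secondary_rules, received):
    """Secondary: replace synced rules, keep local rules flagged nosync."""
    kept_local = [r for r in secondary_rules
                  if r.get("nosync") and r.get("origin") == "secondary"]
    # Tag everything that arrived over sync so both kinds stay distinguishable.
    incoming = [dict(r, origin="primary") for r in received]
    return incoming + kept_local

def leaked(primary_rules, secondary_rules):
    """Descriptions of flagged primary rules that ended up on the secondary."""
    private = {r["descr"] for r in primary_rules if r.get("nosync")}
    return [r["descr"] for r in secondary_rules
            if r.get("origin") == "primary" and r["descr"] in private]

# Constructed sample rule sets.
PRIMARY = [
    {"descr": "web to DMZ", "nosync": False},
    {"descr": "primary-only NAT", "nosync": True},
]
SECONDARY = [
    {"descr": "old synced rule", "origin": "primary"},
    {"descr": "secondary WAN redirect", "nosync": True, "origin": "secondary"},
]

if __name__ == "__main__":
    # Desired behaviour: flag honored on both nodes.
    good = apply_sync(SECONDARY, rules_to_send(PRIMARY))
    print([r["descr"] for r in good])
    print(leaked(PRIMARY, good))
    # Behaviour reported in the first item: the flag is ignored when sending.
    unfiltered = apply_sync(SECONDARY, PRIMARY)
    print(leaked(PRIMARY, unfiltered))
```

Running `leaked` against an export of both nodes' rule sets after each sync is a quick way to confirm that flagged rules stay on the node where they were created.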