Sitting here with an issue/question.
Testing out pfSense to see if it can be used in my workplace network. The issue I got is if you make a dedicated network for pfsync will you have to place a block on all lan networks to the sync network to secure it from spoofing?
You can just use rules on the pfsync interface to only allow from the pfsync subnet as a source.
pf is smart enough to not forward spoofed packets if they enter the "wrong" interface.