[54841] in North American Network Operators' Group
Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls
daemon@ATHENA.MIT.EDU (Avleen Vig)
Sat Jan 18 12:13:18 2003
Date: Sat, 18 Jan 2003 09:11:15 -0800 (PST)
From: Avleen Vig <lists-nanog@silverwraith.com>
To: Tony Kapela <xam@chalupa.wi2600.org>
Cc: Scott Francis <darkuncle@darkuncle.net>,
Josh Brooks <user@mail.econolodgetulsa.com>,
"nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <Pine.BSO.4.21.0301181100210.17021-100000@chalupa.wi2600.org>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 18 Jan 2003, Tony Kapela wrote:
> I'm in total agreement as to the utility and significant
> headache-reduction that a *bsd os (with real interactive editor)
> makes -- Vi for IOS must be too challenging. However, I do see a sore
> spot.
> One area that I've not seen much attention paid to (yet?) is
> failover. Don't assume that I'm advocating the use of a PIX
> here, but has anyone yet successfully used ipf/pf to export and
> then import the state tables on a backup host? In my experience, doing
> that w/ PIXen has been quite simple.
It'd be an interesting challenge to get this working with ipf/pf.
> Forget all the ARP/ifconfig/heartbeat fudgery that'd be required to
> achieve failover on *bsd with ipf/pf -- just finding a simple way to
> move said state table from host to host seems interesting and
> challenging.
ipf now has 'ipfs' which can dump and restore the current states table :-)