[54853] in North American Network Operators' Group
Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls
daemon@ATHENA.MIT.EDU (Stefan Paletta)
Sat Jan 18 21:15:06 2003
Date: Sun, 19 Jan 2003 03:13:17 +0100
To: nanog@merit.edu
In-Reply-To: <Pine.BSO.4.21.0301181100210.17021-100000@chalupa.wi2600.org>
From: Stefan Paletta <stefanp@cabal1.com>
Mail-Followup-To: pf@benzedrine.cx
Errors-To: owner-nanog-outgoing@merit.edu
[Mail-Followup-To points to the pf list]
Tony Kapela wrote/schrieb/scripsit:
> Forget all the ARP/ifconfig/heartbeat fudgery that'd be required to
> achieve failover on *bsd with ipf/pf -- just finding a simple way to
> move said state table from host to host seems interesting and
> challenging.
OpenBSD's pf is moving there. -current now has the pfsync pseudo-
interface that exposes changes to the state table as they happen.
A daemon to make use of that for said purpose is expected after the
3.3 release.
'Rumor' says a non patent-encumbered vrrp-like mechanism will be
available as well.
-Stefan
--
junior guru SP666-RIPE SMP@{IRC,SILC}