In some mail from Mike Hoskins, sie said:
>
>
> Is there a way to handle the state table in ipfw/ipf? I could write
> scripts to do 'failover', but I'm wandering if there's a way to 'share'
> the state table between active and standby units or to pass the state
> table from one firewall to another over a crossover.
>
> I've briefly searched Google for 'BSD Firewall Failover', but didn't find
> a whole lot. I'm looking for pointers to existing solutions, as well as
> generalized ideas (about good ways to do this, if it hasn't been done
> yet). Of course I ideally want pointers to opensource solutions... If
> none exist, this could be a fun project. However, I find it hard to
> believe this wheel hasn't already been carved out of stone.

You can use ipfs to save & restore state/NAT tables in IPFilter.
But that's as far as I've gone.

Darren

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]