From: Giorgos Keramidas
To: Michael Richards
Cc: freebsd-security@freebsd.org
Date: Thu, 27 Mar 2003 12:39:45 +0200
Subject: Re: Multiple Firewalls with ipfilter?
Message-ID: <20030327103945.GA8208@gothmog.gr>
In-Reply-To: <3E82386C.000003.20487@ns.interchange.ca>

On 2003-03-26 18:31, Michael Richards wrote:
> The problem here is really 2 pronged:
> 1) I need some means of realising that the firewall just died and
> transparently switching over to the backup or load balancing the two
> so if one dies the other takes up the slack.
>
> 2) I need a means of syncing the state info so existing connections
> won't be torn down if they end up going through the other firewall.

Hmmm, you could probably do some ingenious stuff with ipfs and a shared
disk partition, where the 'active' firewall saves its state periodically.
When this falls over, the code that handles the switch to the 'backup'
machine could reload the state from the shared disk :)
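
The save-and-reload idea from the reply above, sketched as an added example (not part of the original message and not IPFilter's own code). The shared mount point, the age limit and the snap.<epoch> directory layout are assumptions, as is the premise that both firewalls run the same IPFilter build with identical interface names.

```sh
#!/bin/sh
# Added example. SHARED, MAX_AGE and the snap.<epoch> layout are assumptions.
IPFS=${IPFS:-ipfs}                   # ipfs(8), shipped with IPFilter
SHARED=${SHARED:-/shared/ipfstate}   # hypothetical mount of the shared partition
MAX_AGE=${MAX_AGE:-120}              # hypothetical: oldest usable snapshot, seconds

# Active firewall, run periodically (e.g. from cron).
save_state() {
    now=$(date +%s)
    tmp="$SHARED/.new.$$"
    rm -rf "$tmp"; mkdir -p "$tmp" || return 1
    # -W writes state and NAT tables, -d selects the directory.
    if $IPFS -W -d "$tmp" && [ -s "$tmp/ipstate.ipf" ]; then
        # Publish with one rename so a crash mid-dump never leaves a
        # half-written snapshot where the backup would look for it.
        mv "$tmp" "$SHARED/snap.$now" || return 1
        for d in "$SHARED"/snap.*; do
            [ "$d" = "$SHARED/snap.$now" ] || rm -rf "$d"
        done
        return 0
    fi
    rm -rf "$tmp"
    return 1
}

# Newest published snapshot; epoch names of equal width sort lexically.
latest_snapshot() {
    ls -d "$SHARED"/snap.* 2>/dev/null | sort | tail -n 1
}

# Backup firewall, called by whatever handles the switch-over.
# Returns 2 if there is no snapshot, 3 if it is older than MAX_AGE.
restore_state() {
    snap=$(latest_snapshot)
    [ -n "$snap" ] || return 2
    age=$(( $(date +%s) - ${snap##*snap.} ))
    [ "$age" -le "$MAX_AGE" ] || return 3
    $IPFS -R -d "$snap"              # -R loads state and NAT tables back
}

case "${1:-}" in
    save)    save_state ;;
    restore) restore_state ;;
esac
```

Refusing a snapshot older than MAX_AGE keeps the backup from loading entries for connections that have long since closed; in that case it starts with empty tables, as it would without any syncing.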