From: Giorgos Keramidas
Date: Thu, 27 Mar 2003 18:21:37 +0200
To: Markus Boelter
Cc: freebsd-security@freebsd.org
Subject: Re: Multiple Firewalls with ipfilter?
Message-ID: <20030327162137.GA16141@gothmog.gr>

On 2003-03-27 15:55, Markus Boelter wrote:
> On Thu, Mar 27, 2003 at 12:39:45PM +0200, Giorgos Keramidas wrote:
>> Hmmm, you could probably do some ingenious stuff with ipfs and a
>> shared disk partition, where the 'active' firewall saves its state
>> periodically. When this falls over, the code that handles the switch
>> to the 'backup' machine could reload the state from the shared disk :)
>
> Hm - and if the disk fails, you don't have redundancy :))

Erm, it quickly gets ugly, but you can always save state in a disk
that is local to any of the two machines, i.e. one that is shared over
the network from some other place where you can guarantee redundancy
using other means.

Anyway, I'm not a high-availability expert, so I should shuttup now :)