From owner-freebsd-security Mon Jun 10 16:11: 1 2002 Delivered-To: freebsd-security@freebsd.org Received: from snafu.adept.org (snafu.adept.org [63.201.63.44]) by hub.freebsd.org (Postfix) with ESMTP id 4EBC137B40D for ; Mon, 10 Jun 2002 16:10:58 -0700 (PDT) Received: by snafu.adept.org (Postfix, from userid 1000) id 39DDD9EE33; Mon, 10 Jun 2002 16:10:56 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by snafu.adept.org (Postfix) with ESMTP id 325CA9B001 for ; Mon, 10 Jun 2002 16:10:56 -0700 (PDT) Date: Mon, 10 Jun 2002 16:10:56 -0700 (PDT) From: Mike Hoskins To: Subject: firewall 'stateful failover' Message-ID: <20020610155455.Y96521-100000@snafu.adept.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Is there a way to handle the state table in ipfw/ipf? I could write scripts to do 'failover', but I'm wandering if there's a way to 'share' the state table between active and standby units or to pass the state table from one firewall to another over a crossover. I've briefly searched Google for 'BSD Firewall Failover', but didn't find a whole lot. I'm looking for pointers to existing solutions, as well as generalized ideas (about good ways to do this, if it hasn't been done yet). Of course I ideally want pointers to opensource solutions... If none exist, this could be a fun project. However, I find it hard to believe this wheel hasn't already been carved out of stone. Later, -Mike -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." --Benjamin Franklin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message