From owner-freebsd-security  Mon Jun 10 16:47:59 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail.quantified.com (ns2.quantified.com [63.212.171.3])
	by hub.freebsd.org (Postfix) with ESMTP id 5AC2637B410
	for <security@FreeBSD.ORG>; Mon, 10 Jun 2002 16:47:31 -0700 (PDT)
Received: from danzig.sd.quantified.net (web.quantified.com [63.212.171.5])
	by mail.quantified.com (8.12.1/8.12.1) with ESMTP id g5ANlJlg051659;
	Mon, 10 Jun 2002 16:47:19 -0700 (PDT)
	(envelope-from dsilver@urchin.com)
Date: Mon, 10 Jun 2002 16:47:22 -0700 (PDT)
From: Doug Silver <dsilver@urchin.com>
X-Sender: dsilver@danzig.sd.quantified.net
To: Mike Hoskins <mike@adept.org>
Cc: security@FreeBSD.ORG
Subject: Re: firewall 'stateful failover'
In-Reply-To: <20020610155455.Y96521-100000@snafu.adept.org>
Message-ID: <Pine.LNX.4.21.0206101646510.1199-100000@danzig.sd.quantified.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Filter-Version: 1.7 (mail.quantified.com)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Mon, 10 Jun 2002, Mike Hoskins wrote:

> 
> Is there a way to handle the state table in ipfw/ipf?  I could write
> scripts to do 'failover', but I'm wandering if there's a way to 'share'
> the state table between active and standby units or to pass the state
> table from one firewall to another over a crossover.
> 
> I've briefly searched Google for 'BSD Firewall Failover', but didn't find
> a whole lot.  I'm looking for pointers to existing solutions, as well as
> generalized ideas (about good ways to do this, if it hasn't been done
> yet).  Of course I ideally want pointers to opensource solutions...  If
> none exist, this could be a fun project.  However, I find it hard to
> believe this wheel hasn't already been carved out of stone.
> 
> Later,
> -Mike
> 
> --
> "They that can give up essential liberty to obtain a little temporary
>  safety deserve neither liberty nor safety."  --Benjamin Franklin
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

You might want to check the IP Filter mailing list as I know I've seen
this issue come up there.
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Doug Silver
Network Manager
Urchin Software Corp.	http://www.urchin.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message