From owner-freebsd-security Mon Jun 10 19: 6:43 2002 Delivered-To: freebsd-security@freebsd.org Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by hub.freebsd.org (Postfix) with ESMTP id 8370A37B40A for ; Mon, 10 Jun 2002 19:06:38 -0700 (PDT) Received: (from avalon@localhost) by caligula.anu.edu.au (8.9.3/8.9.3) id MAA17580; Tue, 11 Jun 2002 12:06:34 +1000 (EST) From: Darren Reed Message-Id: <200206110206.MAA17580@caligula.anu.edu.au> Subject: Re: firewall 'stateful failover' To: mike@adept.org (Mike Hoskins) Date: Tue, 11 Jun 2002 12:06:34 +1000 (Australia/ACT) Cc: security@FreeBSD.ORG In-Reply-To: <20020610155455.Y96521-100000@snafu.adept.org> from "Mike Hoskins" at Jun 10, 2002 04:10:56 PM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In some mail from Mike Hoskins, sie said: > > > Is there a way to handle the state table in ipfw/ipf? I could write > scripts to do 'failover', but I'm wandering if there's a way to 'share' > the state table between active and standby units or to pass the state > table from one firewall to another over a crossover. > > I've briefly searched Google for 'BSD Firewall Failover', but didn't find > a whole lot. I'm looking for pointers to existing solutions, as well as > generalized ideas (about good ways to do this, if it hasn't been done > yet). Of course I ideally want pointers to opensource solutions... If > none exist, this could be a fun project. However, I find it hard to > believe this wheel hasn't already been carved out of stone. You can use ipfs to save & restore state/NAT tables in IPFilter. But that's as far as I've gone. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message