North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls
- From: Avleen Vig
- Date: Sat Jan 18 12:14:54 2003
On Sat, 18 Jan 2003, Tony Kapela wrote:
> I'm in total agreement as to the untily and significant
> headache-reduction that a *bsd os (with real interactive editor
> makes -- Vi for IOS must be too challenging). However, I do see a sore
> spot.
> One area that I've not seen much attention paid to (yet?) is
> failover. Don't assume that I'm advocating the use of a PIX
> here, but has anyone yet successfully used ipf/pf to export and
> then import the state tables on a backup host? In my experience, doing
> that w/ PIXen has been quite simple.
It'd be an interesting challenge to get this working with ipf/pf.
> Forget all the ARP/ifconfig/heartbeat fudgery that'd be required to
> acheive failover on *bsd with ipf/pf -- just finding a simple way to
> move said state table from host to host seems interesting and
> challenging.
ipf now has 'ipfs' which can dump and restore the current states table :-)
|
