[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] CARP/VRRP on monowall
 Date:  Thu, 30 Dec 2010 17:25:37 -0500
On Thu, Dec 30, 2010 at 4:20 AM, Tonix (Antonio Nati)
<tonix at interazioni dot it> wrote:
> Is there any short/middle plan about adding carp/vrrp to monowall?

Not sure on any plans. ipfilter doesn't support any type of firewall
state synchronization so it couldn't have stateful failover. CARP or
VRRP could allow you to fail over, but all your connections would be
dropped. That's a very serious problem in some networks, though not
even noticed in others. Losing all states is generally unacceptable in
the types of environments that require HA firewalls, which may be why
it hasn't gotten attention to date.