[ previous ] [ next ] [ threads ]
 From:  "Tonix (Antonio Nati)" <tonix at interazioni dot it>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] CARP/VRRP on monowall
 Date:  Fri, 31 Dec 2010 09:47:37 +0100
Il 30/12/2010 23:25, Chris Buechler ha scritto:
> On Thu, Dec 30, 2010 at 4:20 AM, Tonix (Antonio Nati)
> <tonix at interazioni dot it>  wrote:
>> Is there any short/middle plan about adding carp/vrrp to monowall?
> Not sure on any plans. ipfilter doesn't support any type of firewall
> state synchronization so it couldn't have stateful failover. CARP or
> VRRP could allow you to fail over, but all your connections would be
> dropped. That's a very serious problem in some networks, though not
> even noticed in others. Losing all states is generally unacceptable in
> the types of environments that require HA firewalls, which may be why
> it hasn't gotten attention to date.

I agree, but consider one stop every two years could be quite acceptable 
for the most of situations... If you don't make continuos "switch" 
between two FW, it is quite acceptable... anyway, better one stop than 
waiting for the hw being changed!

Is there a possibility to use pf, as well as other software (like 
nanobsd) for faster upgrades?



         Inter@zioni            Interazioni di Antonio Nati
    http://www.interazioni.it      tonix at interazioni dot it