Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls

• Previous message (by thread): Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls
• Next message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Mail-Followup-To points to the pf list]

Tony Kapela wrote/schrieb/scripsit:
> Forget all the ARP/ifconfig/heartbeat fudgery that'd be required to
> acheive failover on *bsd with ipf/pf -- just finding a simple way to
> move said state table from host to host seems interesting and
> challenging. 

OpenBSD's pf is moving there. -current now has the pfsync pseudo-
interface that exposes changes to the state table as they happen.
A daemon to make use of that for said purpose is expected after the
3.3 release.
'Rumor' says, a non patent-emcumbered vrrp-like mechanism will be
available as well.

-Stefan
-- 
 junior guru                               SP666-RIPE  SMP@{IRC,SILC}

• Previous message (by thread): Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls
• Next message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]