> Just looking at a "software" option to having a L4 load-balancer/health
> check router/switch and exploring the possibility of ipfilter.

What you're suggesting requires some of the same things I'd like to use for butler, my secret-knock program. Namely, an ipf/ipnat API that contains the rule parser and code to manage dynamic rules. As it is, I'm going to get butler to call a preprocessor and then run ipf. I suppose that the ipf command line forms a type of API, but it isn't as powerful as I'd like. An API would also support the construction of a rule-management user interface, perhaps remote, which would be a good thing.

> You can also add and remove ipnat rules dynamically by using (-r). I am
> unsure if it can be done without losing current sessions?

I believe it can if you don't use -F (for flush).

> Has this already been done?

I'm not familiar with the work that's happening in the Linux world, but I do know that there's been a lot of work on iptables & ipchains, so perhaps they would be alternatives for you.

> I would imagine I could potentially also add rules to "log" any RST

Meaning that the service has gone down but not the computer. That would be useful.

Clifford Heath.
