> On 18 July 2015, at 1:34, Giancarlo Razzolini <[email protected]> wrote:
>
> On 17-07-2015 17:38, [email protected] wrote:
>> Thanks much for all your good help! I will try it.
>
> No problem.
>
>> For now I'm just still using probabilistic rules with quick keyword +
>> fallback rule but using mpath instead of rdomain and this works smoothly now!

Posting for reference.
I don't know why I didn't think of it the first time, but my task is
easily solvable by adding an anchor from dhclient-script, like:

    echo "pass in on lan route-to { (cnmac1 `pfctl -t gw_cnmac1 -T show`), \
    (cnmac2 `pfctl -t gw_cnmac2 -T show`) } least-states" | pfctl -a balancing -f -

>
> If I recall correctly, you could mix mpath with rdomains. But, as much as I
> like rdomains, I still prefer mpath for multiple ISP setups.
>
>> If I ever need to set up a multi-ISP setup, I'll use anchors and "make
>> ifstated check for the gateways availability, and update the rules
>> accordingly" like you suggested.
>
> ifstated works great in this. It's a state machine, so you can code any
> scripts into it and handle very complex setups. The most complex I ever
> recall I've done was a firewall with 4 different ISPs, and a complex
> ruleset. There were all sorts of checks and failovers, lots of anchors. This
> was almost 10 years ago. Things have changed. But some didn't.
>
> Cheers,
> Giancarlo Razzolini
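
The dhclient-script one-liner posted above, as an added example that is not part of the original thread: it checks what each gateway table returns before interpolating it into the rule, and parse-checks the rule with pfctl -n before loading it into the "balancing" anchor. The function names is_ipv4, build_rule and load_balancing are hypothetical, and the example assumes each table holds exactly one IPv4 address.

```sh
#!/bin/sh
# Added example; is_ipv4, build_rule and load_balancing are hypothetical names.

# is_ipv4 ADDR: succeed only for one dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_rule IF GW [IF GW ...]: print the route-to rule for the "lan" interface,
# skipping pairs whose gateway is empty or not a single IPv4 address
# (IPv4-only is an assumption of this example). Fails if no gateway is usable.
build_rule() {
    targets="" n=0
    while [ "$#" -ge 2 ]; do
        if is_ipv4 "$2"; then
            targets="${targets:+$targets, }($1 $2)"
            n=$((n + 1))
        fi
        shift 2
    done
    case "$n" in
        0) return 1 ;;
        1) printf 'pass in on lan route-to %s\n' "$targets" ;;
        *) printf 'pass in on lan route-to { %s } least-states\n' "$targets" ;;
    esac
}

# load_balancing: read the gateway tables as in the post, parse-check the rule
# with pfctl -n, then load it; on any failure the anchor keeps its old rules.
load_balancing() {
    gw1=$(pfctl -t gw_cnmac1 -T show | tr -d ' \t')
    gw2=$(pfctl -t gw_cnmac2 -T show | tr -d ' \t')
    rule=$(build_rule cnmac1 "$gw1" cnmac2 "$gw2") || return 1
    echo "$rule" | pfctl -a balancing -nf - || return 1
    echo "$rule" | pfctl -a balancing -f -
}
```

When one uplink has no lease, its table is empty and the rule falls back to the remaining gateway instead of failing to parse.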