Allen: On Wed, Sep 18, 2013 at 1:43 PM, Allen Pomeroy <[email protected]> wrote:
> Why don't you consider something like OpenBSD's packet filter (pf), > pfsync, and CARP? That would provide a better (hitless) HA solution for > firewalls. I also use fwbuilder.org to graphically manage the firewall > rules. I am tied to CentOS-6.3 > The best use for a cluster is services that can take a hit while the > cluster migrates resources from a failed node to a healthy node. Firewalls > are a special case where you want the 'failover' to happen in near realtime > including the in memory firewall state table and the IP MAC addresses on > each segment. > >> >> I was looking at conntrackd . thanks, Jeff
_______________________________________________ Pacemaker mailing list: [email protected] http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
