there are some lower (bridge code) and upper (authpf) levels of interoperability with pf via API.
and this is possible to imagine simple daemon what acts as the pf's structure modification initiator (like authpf) based on a result of hosts or services checking conditions. conditions maybe generic (icmp echo request-reply, tcp connect) or protocol dependant (sql's SELECT @@VERSION, smtp's NOOP and etc). there are lot of applications: - generic hosts "is-alive" by icmp echo request-reply, - generic gateways "is-alive" by icmp echo request-reply, - generic services "is-alive" by tcp connect, - native per protocol "is-alive" ... and subsequent tables, anchors or rules modifications for round robin or redundancy needs. so... here it is... and don't beat me hard if this bicycle was already invented :)
