--- On Tue, 9/18/12, Lee Brown <[email protected]> wrote: > FYI, if you are not tied to Linux, *BSD has pfsync/ucarp which provides > a stateful failover solution. Search google for BSD ucarp pfsync. > Caveat: I've not implemented this, but it seems a nice solution.
Thanks. I'm aware of the BSD solution. However, pfsync is to BSD as conntrackd is to Linux. ucarp is a port of BSD's carp. So carp is to BSD as ucarp (or keepalived for that matter) is to Linux (or other unix OS). So basically, I think one should be able to do the same with both Linux and *BSD. Unless netfilter/Linux kernel didn't optimize their software for this kind of application (seamless fail-over on dead gateway detection) whereas BSD/pf on the other hand did. I guess I'll have to try and find out. Thanks Vieri ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
