Date: Wed, 25 Oct 2000 19:13:40 -0400 (EDT) From: Chris BeHanna <behanna@zbzoom.net> To: freebsd-hackers@freebsd.org Subject: Re: question for the freebsd community Message-ID: <Pine.BSF.4.21.0010251910050.22113-100000@topperwein.dyndns.org> In-Reply-To: <39F71657.8855C56D@polyserve.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 25 Oct 2000, Michelle R. Sanchez, CNE wrote:
> [...company makes high availability clustering software, and
> supports FreeBSD...]
>
> we have had a lot of requests from customers wishing to make their
> firewalls highly available by clustering them together and putting a
> service monitor on the firewall port in case the firewall daemon should
> hang. this is probably not very likely but they would like to be able to
> do so in any case.
>
> my questions are these:
>
> 1] is it a good idea to try to put a service monitor on IPFW? If so,
> does this compromise the firewall in any way?
ipfw is not a daemon, and does not have a designated port to
monitor--it's a kernel option to do packet filtering. If a kernel is
built with the IPFIREWALL option, and the machine is running, then the
firewall is also running, period. That should make the monitor as
simple as asking the machine "Are you alive?". :-)
I'd suggest "man ipfw" and also look at /sys/i386/conf/LINT for
more details.
--
Chris BeHanna
Software Engineer (at yourfit.com)
behanna@zbzoom.net
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010251910050.22113-100000>