On Thu, 15 Sep 2005, Mike Williams wrote:

> On Thursday 15 September 2005 19:08, A. Khattri wrote:
> > Shame we don't have anything like CARP for Linux yet... (unless someone
> > knows better?).
>
> UCARP, but it's fundamentally flawed, as iptables has no method to keep state
> tables in sync between machines.

Yeah, we really need something like pfsync.

> Personally, I prefer to have iptables set up to allow traffic over connections
> that are already established.
> This way you can swap firewalls (and update arp), reboot them, etc, without
> interrupting the connection. Far from perfect, but it works to a degree.

Yep, this is what I use.

--
gentoo-user@gentoo.org mailing list