On 2008/12/28 17:52, Karl O. Pinc wrote:
>
> On 12/25/2008 07:54:35 AM, Federico Giannici wrote:
>> We have an OpenBSD server acting as a firewall/QoS router (no nat or
>> rdr).
>>
>> It has two requirements:
>>
>> A) It has to be as "transparent" as possible. So, if firewall is
>> rebooted or the state table is flushed, it don't block already
>> established connections or not assign the packets to the right
>> queue.
>
> If you really want uptime then get 2 devices and use carp and
> pfsync. That way one can fail or be upgraded and the other
> will take over.

well, that or bridge + STP + pfsync.