Annotation of src/etc/ifstated.conf, Revision 1.1
1.1 ! mcbride 1: # $OpenBSD$
! 2: # This is a sample config for a pair of firewalls with two interfaces
! 3: #
! 4: # carp0 and carp1 have ip addresses on 192.168.3.0/24 and 192.168.6.0/24
! 5: # respectively.
! 6:
! 7: # Uncomment one of the following lines to force primary/backup status.
! 8: # init state primary
! 9: # init-state backup
! 10:
! 11: carp_up = "((carp0 link up) and (carp1 link up))"
! 12: carp_down = "((! carp0 link up) and (! carp1 link up))"
! 13: carp_sync = "((carp0 link up and carp1 link up) or \
! 14: ((!carp0 link up) and (!carp1 link up)))"
! 15:
! 16: # The "net" addresses are other addresses which can be used to determine
! 17: # whether we have connectivity. Make sure the hosts are always up, or
! 18: # test multiple ip's, 'or'-ing the tests.
! 19: net = '( "ping -q -c 1 -w 1 192.168.6.8 > /dev/null" every 10 and \
! 20: "ping -q -c 1 -w 1 192.168.3.8 > /dev/null" every 10)'
! 21:
! 22: # The peer addresses below are the real ip addresses of the OTHER firewall
! 23: peer = '( "ping -q -c 1 -w 1 192.168.6.7 > /dev/null" every 10 and \
! 24: "ping -q -c 1 -w 1 192.168.3.7 > /dev/null" every 10)'
! 25:
! 26: state auto {
! 27: if $carp_up {
! 28: set-state primary
! 29: }
! 30: if $carp_down {
! 31: set-state backup
! 32: }
! 33: }
! 34:
! 35: state primary {
! 36: init {
! 37: run "ifconfig carp0 advskew 10"
! 38: run "ifconfig carp1 advskew 10"
! 39: }
! 40: if ! $net {
! 41: set-state demoted
! 42: }
! 43: }
! 44:
! 45: state demoted {
! 46: init {
! 47: run "ifconfig carp0 advskew 254"
! 48: run "ifconfig carp1 advskew 254"
! 49: }
! 50: if $net {
! 51: set-state primary
! 52: }
! 53: }
! 54:
! 55: state promoted {
! 56: init {
! 57: run "ifconfig carp0 advskew 0"
! 58: run "ifconfig carp1 advskew 0"
! 59: }
! 60: if $peer or ! $net {
! 61: set-state backup
! 62: }
! 63: }
! 64:
! 65: state backup {
! 66: init {
! 67: run "ifconfig carp0 advskew 100"
! 68: run "ifconfig carp1 advskew 100"
! 69: }
! 70: # The "sleep 5" below is a hack to dampen the $carp_sync when we come
! 71: # out of promoted state. Thinking about the correct fix...
! 72: if ! $carp_sync and $net and "sleep 5" every 10 {
! 73: if (! $carp_sync) and $net {
! 74: set-state promoted
! 75: }
! 76: }
! 77: }
![[BACK]](/icons/back.gif){kind=icon}
Return to ifstated.conf CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / etc