Annotation of src/etc/ifstated.conf, Revision 1.2
1.2 ! mcbride 1: # $OpenBSD: ifstated.conf,v 1.1 2004/02/04 23:49:36 mcbride Exp $
1.1 mcbride 2: # This is a sample config for a pair of firewalls with two interfaces
3: #
4: # carp0 and carp1 have ip addresses on 192.168.3.0/24 and 192.168.6.0/24
5: # respectively.
1.2 ! mcbride 6:
! 7: # net.inet.carp.preempt must be enabled (set to 1) for this to work correctly.
1.1 mcbride 8:
9: # Uncomment one of the following lines to force primary/backup status.
10: # init-state primary
11: # init-state backup
12:
13: carp_up = "((carp0 link up) and (carp1 link up))"
14: carp_down = "((! carp0 link up) and (! carp1 link up))"
15: carp_sync = "((carp0 link up and carp1 link up) or \
16: ((!carp0 link up) and (!carp1 link up)))"
17:
18: # The "net" addresses are other addresses which can be used to determine
19: # whether we have connectivity. Make sure the hosts are always up, or
20: # test multiple IPs, 'or'-ing the tests; the sample below 'and's its two pings, so both hosts must answer.
21: net = '( "ping -q -c 1 -w 1 192.168.6.8 > /dev/null" every 10 and \
22: "ping -q -c 1 -w 1 192.168.3.8 > /dev/null" every 10)'
23:
24: # The peer addresses below are the real ip addresses of the OTHER firewall
25: peer = '( "ping -q -c 1 -w 1 192.168.6.7 > /dev/null" every 10 and \
26: "ping -q -c 1 -w 1 192.168.3.7 > /dev/null" every 10)'
27:
28: state auto {
29: if $carp_up {
30: set-state primary
31: }
32: if $carp_down {
33: set-state backup
34: }
35: }
36:
37: state primary {
38: init {
39: run "ifconfig carp0 advskew 10"
40: run "ifconfig carp1 advskew 10"
41: }
42: if ! $net {
43: set-state demoted
44: }
45: }
46:
47: state demoted {
48: init {
49: run "ifconfig carp0 advskew 254"
50: run "ifconfig carp1 advskew 254"
51: }
52: if $net {
53: set-state primary
54: }
55: }
56:
57: state promoted {
58: init {
59: run "ifconfig carp0 advskew 0"
60: run "ifconfig carp1 advskew 0"
61: }
62: if $peer or ! $net {
63: set-state backup
64: }
65: }
66:
67: state backup {
68: init {
69: run "ifconfig carp0 advskew 100"
70: run "ifconfig carp1 advskew 100"
71: }
72: # The "sleep 5" below is a hack to dampen the $carp_sync when we come
73: # out of promoted state. Thinking about the correct fix...
74: if ! $carp_sync and $net and "sleep 5" every 10 {
75: if (! $carp_sync) and $net {
76: set-state promoted
77: }
78: }
79: }