Annotation of src/etc/ifstated.conf, Revision 1.6
1.6 ! david 1: # $OpenBSD: ifstated.conf,v 1.5 2005/02/03 17:51:12 mpf Exp $
1.1 mcbride 2: # This is a sample config for a pair of firewalls with two interfaces
3: #
4: # carp0 and carp1 have ip addresses on 192.168.3.0/24 and 192.168.6.0/24
1.4 deraadt 5: # respectively.
1.2 mcbride 6:
7: # net.inet.carp.preempt must be enabled (set to 1) for this to work correctly.
1.1 mcbride 8:
9: # Uncomment one of the following lines to force primary/backup status.
1.3 mcbride 10: # init-state primary
1.1 mcbride 11: # init-state backup
12:
1.5 mpf 13: carp_up = "carp0.link.up && carp1.link.up"
14: carp_down = "!carp0.link.up && !carp1.link.up"
15: carp_sync = "carp0.link.up && carp1.link.up || \
16: !carp0.link.up && !carp1.link.up"
1.1 mcbride 17:
18: # The "net" addresses are other addresses which can be used to determine
1.4 deraadt 19: # whether we have connectivity. Make sure the hosts are always up, or
1.1 mcbride 20: # test multiple ip's, 'or'-ing the tests.
1.5 mpf 21: net = '( "ping -q -c 1 -w 1 192.168.6.8 > /dev/null" every 10 && \
1.1 mcbride 22: "ping -q -c 1 -w 1 192.168.3.8 > /dev/null" every 10)'
23:
24: # The peer addresses below are the real ip addresses of the OTHER firewall
1.5 mpf 25: peer = '( "ping -q -c 1 -w 1 192.168.6.7 > /dev/null" every 10 && \
1.1 mcbride 26: "ping -q -c 1 -w 1 192.168.3.7 > /dev/null" every 10)'
27:
28: state auto {
1.5 mpf 29: if $carp_up
1.1 mcbride 30: set-state primary
1.5 mpf 31: if $carp_down
1.1 mcbride 32: set-state backup
33: }
34:
35: state primary {
36: init {
37: run "ifconfig carp0 advskew 10"
38: run "ifconfig carp1 advskew 10"
39: }
1.6 ! david 40: if ! $net
! 41: set-state demoted
1.1 mcbride 42: }
43:
44: state demoted {
45: init {
46: run "ifconfig carp0 advskew 254"
47: run "ifconfig carp1 advskew 254"
48: }
1.6 ! david 49: if $net
! 50: set-state primary
1.1 mcbride 51: }
52:
53: state promoted {
54: init {
55: run "ifconfig carp0 advskew 0"
56: run "ifconfig carp1 advskew 0"
57: }
1.5 mpf 58: if $peer || ! $net
1.1 mcbride 59: set-state backup
60: }
61:
62: state backup {
63: init {
64: run "ifconfig carp0 advskew 100"
65: run "ifconfig carp1 advskew 100"
66: }
67: # The "sleep 5" below is a hack to dampen the $carp_sync when we come
1.6 ! david 68: # out of promoted state. Thinking about the correct fix...
1.5 mpf 69: if ! $carp_sync && $net && "sleep 5" every 10
70: if ! $carp_sync && $net
1.1 mcbride 71: set-state promoted
72: }
![[BACK]](/icons/back.gif){kind=icon}
Return to ifstated.conf CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / etc