Return to ifstated.conf CVS log

Up to [local] / src / etc

indentation whitespace nits

# $OpenBSD: ifstated.conf,v 1.6 2005/02/07 06:08:10 david Exp $
# This is a sample config for a pair of firewalls with two interfaces
#
# carp0 and carp1 have ip addresses on 192.168.3.0/24 and 192.168.6.0/24
# respectively.

# net.inet.carp.preempt must be enabled (set to 1) for this to work correctly.

# Uncomment one of the following lines to force primary/backup status.
# init-state primary
# init-state backup

carp_up = "carp0.link.up && carp1.link.up"
carp_down = "!carp0.link.up && !carp1.link.up"
carp_sync = "carp0.link.up && carp1.link.up || \
    !carp0.link.up && !carp1.link.up"

# The "net" addresses are other addresses which can be used to determine
# whether we have connectivity. Make sure the hosts are always up, or
# test multiple ip's, 'or'-ing the tests.
net = '( "ping -q -c 1 -w 1 192.168.6.8 > /dev/null" every 10 && \
    "ping -q -c 1 -w 1 192.168.3.8 > /dev/null" every 10)'

# The peer addresses below are the real ip addresses of the OTHER firewall
peer = '( "ping -q -c 1 -w 1 192.168.6.7 > /dev/null" every 10 && \
    "ping -q -c 1 -w 1 192.168.3.7 > /dev/null" every 10)'

state auto {
	if $carp_up
		set-state primary
	if $carp_down
		set-state backup
}

state primary {
	init {
		run "ifconfig carp0 advskew 10"
		run "ifconfig carp1 advskew 10"
	}
	if ! $net
		set-state demoted
}

state demoted {
	init {
		run "ifconfig carp0 advskew 254"
		run "ifconfig carp1 advskew 254"
	}
	if $net
		set-state primary
}

state promoted {
	init {
		run "ifconfig carp0 advskew 0"
		run "ifconfig carp1 advskew 0"
	}
	if $peer || ! $net
		set-state backup
}

state backup {
	init {
		run "ifconfig carp0 advskew 100"
		run "ifconfig carp1 advskew 100"
	}
	# The "sleep 5" below is a hack to dampen the $carp_sync when we come
	# out of promoted state. Thinking about the correct fix...
	if ! $carp_sync && $net && "sleep 5" every 10
		if ! $carp_sync && $net
			set-state promoted
}