![[BACK]](/icons/back.gif){kind=icon}
Return to ifstated.conf CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / etc / examples|
Return to ifstated.conf CVS log | Up to [local] / src / etc / examples |
| File: [local] / src / etc / examples / ifstated.conf (download)
Revision 1.3, Sun Feb 11 01:31:28 2024 UTC (3 months, 2 weeks ago) by jsg
firefall -> firewall, from Joel Carnat |
# $OpenBSD: ifstated.conf,v 1.3 2024/02/11 01:31:28 jsg Exp $
# This is a sample config for a pair of firewalls with three physical interfaces
#
# The two firewall interfaces are made redundant on each side using
# carp0 and carp1.
#
# A third interface em2 connects each firewall to the DMZ where it can
# reach a syslog server with the IP 192.168.1.10
#
# This config does two things:
# 1. Monitor the reachability of the syslog server and demote
# the carp interface group to provoke a failover if the syslog server
# is not reachable. We do that by using ping(1) and checking
# the link state of em2.
# 2. Log carp failovers
dmz_if_up = 'em2.link.up'
dmz_if_down = 'em2.link.down'
syslog_ok = '"ping -q -c 1 -w 1 192.168.1.10 >/dev/null 2>&1" every 10'
# ifstated starts up with the first defined state
state neutral {
if $dmz_if_down {
run "logger -st ifstated 'interface to syslog server em2 is down'"
set-state demoted
}
if ! $syslog_ok {
run "logger -st ifstated 'could not reach syslog server'"
set-state demoted
}
}
state demoted {
init {
run "ifconfig -g carp carpdemote"
}
if $dmz_if_up && $syslog_ok {
run "logger -st ifstated 'syslog server is ok again'"
# remove our carp demotion
run "ifconfig -g carp -carpdemote"
set-state neutral
}
}
# commands in the global scope are always run
if carp0.link.up
run "logger -st ifstated 'carp0 is master'"
if carp0.link.down
run "logger -st ifstated 'carp0 is backup'"