Annotation of elwix/config/etc/default/ifstated.conf, revision 1.1
1.1 ! misho 1: # $OpenBSD: ifstated.conf,v 1.6 2005/02/07 06:08:10 david Exp $
! 2: # This is a sample config for a pair of firewalls with two interfaces
! 3: #
! 4: # carp0 and carp1 have ip addresses on 192.168.3.0/24 and 192.168.6.0/24
! 5: # respectively.
! 6:
! 7: # net.inet.carp.preempt must be enabled (set to 1) for this to work correctly.
! 8:
! 9: # Uncomment one of the following lines to force primary/backup status.
! 10: # init-state primary
! 11: # init-state backup
! 12:
! 13: carp_up = "carp0.link.up && carp1.link.up"
! 14: carp_down = "!carp0.link.up && !carp1.link.up"
! 15: carp_sync = "carp0.link.up && carp1.link.up || \
! 16: !carp0.link.up && !carp1.link.up"
! 17:
! 18: # The "net" addresses are other addresses which can be used to determine
! 19: # whether we have connectivity. Make sure the hosts are always up, or
! 20: # test multiple ip's, 'or'-ing the tests.
! 21: net = '( "ping -q -c 1 -w 1 192.168.6.8 > /dev/null" every 10 && \
! 22: "ping -q -c 1 -w 1 192.168.3.8 > /dev/null" every 10)'
! 23:
! 24: # The peer addresses below are the real ip addresses of the OTHER firewall
! 25: peer = '( "ping -q -c 1 -w 1 192.168.6.7 > /dev/null" every 10 && \
! 26: "ping -q -c 1 -w 1 192.168.3.7 > /dev/null" every 10)'
! 27:
! 28: state auto {
! 29: if $carp_up
! 30: set-state primary
! 31: if $carp_down
! 32: set-state backup
! 33: }
! 34:
! 35: state primary {
! 36: init {
! 37: run "ifconfig carp0 advskew 10"
! 38: run "ifconfig carp1 advskew 10"
! 39: }
! 40: if ! $net
! 41: set-state demoted
! 42: }
! 43:
! 44: state demoted {
! 45: init {
! 46: run "ifconfig carp0 advskew 254"
! 47: run "ifconfig carp1 advskew 254"
! 48: }
! 49: if $net
! 50: set-state primary
! 51: }
! 52:
! 53: state promoted {
! 54: init {
! 55: run "ifconfig carp0 advskew 0"
! 56: run "ifconfig carp1 advskew 0"
! 57: }
! 58: if $peer || ! $net
! 59: set-state backup
! 60: }
! 61:
! 62: state backup {
! 63: init {
! 64: run "ifconfig carp0 advskew 100"
! 65: run "ifconfig carp1 advskew 100"
! 66: }
! 67: # The "sleep 5" below is a hack to dampen the $carp_sync when we come
! 68: # out of promoted state. Thinking about the correct fix...
! 69: if ! $carp_sync && $net && "sleep 5" every 10
! 70: if ! $carp_sync && $net
! 71: set-state promoted
! 72: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>