File:
[ELWIX - Embedded LightWeight unIX -] /
elwix /
config /
etc /
default /
ifstated.conf
Revision
1.1.1.1 (vendor branch):
download - view:
text,
annotated -
select for diffs -
revision graph
Tue Jul 5 23:43:00 2011 UTC (13 years, 5 months ago) by
misho
Branches:
misho,
MAIN
CVS tags:
start,
elwix2_8,
elwix2_7,
elwix2_6,
elwix2_3,
elwix2_2,
elwix2_1,
elwix2_0,
elwix1_9_mips,
elwix1_9,
elwix1_8,
elwix1_7,
elwix1_6,
elwix1_5,
elwix1_4,
Patch1,
HEAD,
ELWIX2_7,
ELWIX2_6,
ELWIX2_5,
ELWIX2_2p0,
ELWIX2_1,
ELWIX2_0,
ELWIX1_9,
ELWIX1_8,
ELWIX1_7,
ELWIX1_6,
ELWIX1_5
ELWIX project
# $OpenBSD: ifstated.conf,v 1.6 2005/02/07 06:08:10 david Exp $
# This is a sample config for a pair of firewalls with two interfaces
#
# carp0 and carp1 have ip addresses on 192.168.3.0/24 and 192.168.6.0/24
# respectively.
# net.inet.carp.preempt must be enabled (set to 1) for this to work correctly.
# Uncomment one of the following lines to force primary/backup status.
# init-state primary
# init-state backup
carp_up = "carp0.link.up && carp1.link.up"
carp_down = "!carp0.link.up && !carp1.link.up"
carp_sync = "carp0.link.up && carp1.link.up || \
!carp0.link.up && !carp1.link.up"
# The "net" addresses are other addresses which can be used to determine
# whether we have connectivity. Make sure the hosts are always up, or
# test multiple ip's, 'or'-ing the tests.
net = '( "ping -q -c 1 -w 1 192.168.6.8 > /dev/null" every 10 && \
"ping -q -c 1 -w 1 192.168.3.8 > /dev/null" every 10)'
# The peer addresses below are the real ip addresses of the OTHER firewall
peer = '( "ping -q -c 1 -w 1 192.168.6.7 > /dev/null" every 10 && \
"ping -q -c 1 -w 1 192.168.3.7 > /dev/null" every 10)'
state auto {
if $carp_up
set-state primary
if $carp_down
set-state backup
}
state primary {
init {
run "ifconfig carp0 advskew 10"
run "ifconfig carp1 advskew 10"
}
if ! $net
set-state demoted
}
state demoted {
init {
run "ifconfig carp0 advskew 254"
run "ifconfig carp1 advskew 254"
}
if $net
set-state primary
}
state promoted {
init {
run "ifconfig carp0 advskew 0"
run "ifconfig carp1 advskew 0"
}
if $peer || ! $net
set-state backup
}
state backup {
init {
run "ifconfig carp0 advskew 100"
run "ifconfig carp1 advskew 100"
}
# The "sleep 5" below is a hack to dampen the $carp_sync when we come
# out of promoted state. Thinking about the correct fix...
if ! $carp_sync && $net && "sleep 5" every 10
if ! $carp_sync && $net
set-state promoted
}
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ifstated.conf CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / elwix / config / etc / default