File:  [ELWIX - Embedded LightWeight unIX -] / elwix / config / etc / default / ifstated.conf
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Tue Jul 5 23:43:00 2011 UTC (13 years, 3 months ago) by misho
Branches: misho, MAIN
CVS tags: start, elwix2_8, elwix2_7, elwix2_6, elwix2_3, elwix2_2, elwix2_1, elwix2_0, elwix1_9_mips, elwix1_9, elwix1_8, elwix1_7, elwix1_6, elwix1_5, elwix1_4, Patch1, HEAD, ELWIX2_7, ELWIX2_6, ELWIX2_5, ELWIX2_2p0, ELWIX2_1, ELWIX2_0, ELWIX1_9, ELWIX1_8, ELWIX1_7, ELWIX1_6, ELWIX1_5
ELWIX project

    1: # $OpenBSD: ifstated.conf,v 1.6 2005/02/07 06:08:10 david Exp $
    2: # This is a sample config for a pair of firewalls with two interfaces
    3: #
    4: # carp0 and carp1 have ip addresses on 192.168.3.0/24 and 192.168.6.0/24
    5: # respectively.
    6: 
    7: # net.inet.carp.preempt must be enabled (set to 1) for this to work correctly.
    8: 
    9: # Uncomment one of the following lines to force primary/backup status.
   10: # init-state primary
   11: # init-state backup
   12: 
   13: carp_up = "carp0.link.up && carp1.link.up"
   14: carp_down = "!carp0.link.up && !carp1.link.up"
   15: carp_sync = "carp0.link.up && carp1.link.up || \
   16:     !carp0.link.up && !carp1.link.up"
   17: 
   18: # The "net" addresses are other addresses which can be used to determine
   19: # whether we have connectivity. Make sure the hosts are always up, or
   20: # test multiple ip's, 'or'-ing the tests.
   21: net = '( "ping -q -c 1 -w 1 192.168.6.8 > /dev/null" every 10 && \
   22:     "ping -q -c 1 -w 1 192.168.3.8 > /dev/null" every 10)'
   23: 
   24: # The peer addresses below are the real ip addresses of the OTHER firewall
   25: peer = '( "ping -q -c 1 -w 1 192.168.6.7 > /dev/null" every 10 && \
   26:     "ping -q -c 1 -w 1 192.168.3.7 > /dev/null" every 10)'
   27: 
   28: state auto {
   29: 	if $carp_up
   30: 		set-state primary
   31: 	if $carp_down
   32: 		set-state backup
   33: }
   34: 
   35: state primary {
   36: 	init {
   37: 		run "ifconfig carp0 advskew 10"
   38: 		run "ifconfig carp1 advskew 10"
   39: 	}
   40: 	if ! $net
   41: 		set-state demoted
   42: }
   43: 
   44: state demoted {
   45: 	init {
   46: 		run "ifconfig carp0 advskew 254"
   47: 		run "ifconfig carp1 advskew 254"
   48: 	}
   49: 	if $net
   50: 		set-state primary
   51: }
   52: 
   53: state promoted {
   54: 	init {
   55: 		run "ifconfig carp0 advskew 0"
   56: 		run "ifconfig carp1 advskew 0"
   57: 	}
   58: 	if $peer || ! $net
   59: 		set-state backup
   60: }
   61: 
   62: state backup {
   63: 	init {
   64: 		run "ifconfig carp0 advskew 100"
   65: 		run "ifconfig carp1 advskew 100"
   66: 	}
   67: 	# The "sleep 5" below is a hack to dampen the $carp_sync when we come
   68: 	# out of promoted state. Thinking about the correct fix...
   69: 	if ! $carp_sync && $net && "sleep 5" every 10
   70: 		if ! $carp_sync && $net
   71: 			set-state promoted
   72: }

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>