Re: Merits of purpose-built (appliance) vs. FreeBSD+ipfw firewalls

[Avleen Vig <lists-nanog () silverwraith com>]

On Sat, 18 Jan 2003, Tony Kapela wrote:

> I'm in total agreement as to the untily and significant
> headache-reduction that a *bsd os (with real interactive editor
> makes -- Vi for IOS must be too challenging). However, I do see a sore
> spot.
> One area that I've not seen much attention paid to (yet?) is
> failover. Don't assume that I'm advocating the use of a PIX
> here, but has anyone yet successfully used ipf/pf to export and
> then import the state tables on a backup host? In my experience, doing
> that w/ PIXen has been quite simple.

It'd be an interesting challenge to get this working with ipf/pf.

> Forget all the ARP/ifconfig/heartbeat fudgery that'd be required to
> acheive failover on *bsd with ipf/pf -- just finding a simple way to
> move said state table from host to host seems interesting and
> challenging.

ipf now has 'ipfs' which can dump and restore the current states table :-)