Le sam 03/05/2003 à 00:01, Zack Lawson a écrit : > I am trying to setup up a failover firewall using heartbeat. Everything > seems to work just fine except for the fact that the state of existing > connections is lost when the running firewall is stopped. > Is there any way to share the info in /proc/net/ip_conntrack between > these 2 systems? I am not aware of a free working solution based on Netfilter that would provide firewall states failover. There have been discussion (see low traffic netfilter-failover mailing list) about this. > If not, does anyone else have any ideas or solutions to this problem? > I know that Cisco firewalls have this capability. I would be surprised > if netfilter couldn't accomplish this as well. It can't now, but it is planed. It will use nf-netlink and ct-netlink you can find in POM. -- Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx> IT systems and networks security - Cartel Sécurité Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
