... > Heartbeat can do this. You'll want to setup something (could just be a > shell script either run by hand or by cron) to rsync certain things like the > iptables config to the standby FW...and setup a cron job on the standby FW > to restart iptables when necessary, i.e. > > # has iptables been updated? > * * * * * root test /etc/sysconfig/iptables -nt /var/lock/subsys/iptables && > service iptables restart > > Setup properly, if FW1 dies or loses its uplink, etc., FW2 will take over, > and open connections will be lost, but other than that, life will go on. That's perfect. > I've been using the old heartbeat (comes with CentOS/RHEL 4/5.x) for this. > As of 6.x, heartbeat is deprecated and you're expected to use pacemaker > instead. Perfect thanks. I'll give it a try this weekend. Cheers Anton -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
