On Thursday 15 September 2005 19:08, A. Khattri wrote:
> Shame we don't have anything like CARP for Linux yet... (unless someone
> knows better?).

UCARP, but it's fundamentally flawed, as iptables has no method to keep state tables in sync between machines.

Personally, I prefer to have iptables set up to allow traffic over connections that are already established. This way you can swap firewalls (and update ARP), reboot them, etc., without interrupting the connection. Far from perfect, but it works to a degree.

--
Mike Williams

--
gentoo-user@gentoo.org mailing list