Firewall Failover With pfsync And CARP

Daniel Hartmeier writes "OpenBSD developer Ryan McBride explains the new firewall redundancy features in the upcoming OpenBSD 3.5 release in his article Firewall Failover with pfsync and CARP. CARP (Common Address Redundancy Protocol) is a free alternative to the patent-encumbered VRRP, responsible for electing masters in a firewall cluster, while pfsync syncronizes packet filter state information among nodes. The combination allows to replace single-point-of-failure firewalls with clusters of two (or more) nodes, which continue to filter ongoing and new connections when nodes fail. Additional features like arpbalance allow one to share a single IP address for multiple servers, transparently balancing load among them, and adapting to servers failing. Pre-order for OpenBSD 3.5 has started, CDs will ship May 1st."

Re:Mailto link?

[SillyNickName4me]

I'd say they come mainly from Theo wanting them due to all the fan mail he receives ;P

Re:I'm a firewall admin amongst other things..

[Bensmum]

And none of the reasons you provide have anything to do with GUI. All of the things you are talking about are already dealt with by existing tools that any remotely competant admin already uses for their servers.

You think apache isn't as good as IIS because they don't have a GUI too? Oh, wait, there are *THOUSANDS* of tools to manage, edit, and distribute text based config files. Its no more difficult to admin dozens of firewalls than it is to admin dozens of webservers.

Learn to do your job instead of trying to pretend you need something else to be able to do it. There are plenty of existing tools out there, if you seriously aren't happy with any of them, then maybe you should do your part and write whatever tool you need.