Fincer
/
openntpd-openbsd
mirror of https://github.com/Fincer/openntpd-openbsd
1
0
Fork 0
Code Issues 0 Projects 0 Releases 61 Wiki Activity
Source code pulled from OpenBSD for OpenNTPD. The place to contribute to this code is via the OpenBSD CVS tree.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4623 Commits
49 Branches
288 MiB
 
 
 
 
 
 
Tree: 55c0aad4e0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '55c0aad4e0'
${ noResults }
openntpd-openbsd/src/etc/ifstated.conf

72 lines
1.9 KiB
Raw Blame History

# $OpenBSD: ifstated.conf,v 1.6 2005/02/07 06:08:10 david Exp $
# This is a sample config for a pair of firewalls with two interfaces
#
# carp0 and carp1 have ip addresses on 192.168.3.0/24 and 192.168.6.0/24
# respectively.
# net.inet.carp.preempt must be enabled (set to 1) for this to work correctly.
# Uncomment one of the following lines to force primary/backup status.
# init-state primary
# init-state backup
carp_up = "carp0.link.up && carp1.link.up"
carp_down = "!carp0.link.up && !carp1.link.up"
carp_sync = "carp0.link.up && carp1.link.up || \
!carp0.link.up && !carp1.link.up"
# The "net" addresses are other addresses which can be used to determine
# whether we have connectivity. Make sure the hosts are always up, or
# test multiple ip's, 'or'-ing the tests.
net = '( "ping -q -c 1 -w 1 192.168.6.8 > /dev/null" every 10 && \
"ping -q -c 1 -w 1 192.168.3.8 > /dev/null" every 10)'
# The peer addresses below are the real ip addresses of the OTHER firewall
peer = '( "ping -q -c 1 -w 1 192.168.6.7 > /dev/null" every 10 && \
"ping -q -c 1 -w 1 192.168.3.7 > /dev/null" every 10)'
state auto {
if $carp_up
set-state primary
if $carp_down
set-state backup
}
state primary {
init {
run "ifconfig carp0 advskew 10"
run "ifconfig carp1 advskew 10"
}
if ! $net
set-state demoted
}
state demoted {
init {
run "ifconfig carp0 advskew 254"
run "ifconfig carp1 advskew 254"
}
if $net
set-state primary
}
state promoted {
init {
run "ifconfig carp0 advskew 0"
run "ifconfig carp1 advskew 0"
}
if $peer || ! $net
set-state backup
}
state backup {
init {
run "ifconfig carp0 advskew 100"
run "ifconfig carp1 advskew 100"
}
# The "sleep 5" below is a hack to dampen the $carp_sync when we come
# out of promoted state. Thinking about the correct fix...
if ! $carp_sync && $net && "sleep 5" every 10
if ! $carp_sync && $net
set-state promoted
}