building a iptables-firewallcluster
hidden at balabit.hu
Mon Aug 22 13:50:48 CEST 2005
On Sunday 21 August 2005 15.37, Marc Schoechlin wrote:
> > Is this now part of the linux-kernel or are there now other
> > strategies to build firewallclusters for load-balancing and/or
> > high-availability ?
> > Where can I get detailed information about the installation of a
> > iptables-based firewall-cluster ?
> No response for two weeks - am I right to assume that this
> project is dead ?
Almost, but not completely dead.
Current code can be found in the netfilter SVN repository, take a look
at these URLs:
The linux-2.6 branch is the current (actually quite old) code for
2.6.10; the linux-2.6-actact branch is Harald's latest development
version (configurable through sysfs, capable of participating in
multiple sync groups, etc.). This latter branch is even more
experimental than the linux-2.6 branch, of course...
Some of the infrastructure necessary for this code (namely conntrack
events) will be part of Linux 2.6.14 (it's already in David Miller's
2.6.14 networking branch). Unfortunately Harald's -actact branch is far
from being complete, and porting this code for the (slightly changed)
Linux-2.6.14 infrastructure is to be done. Slightly more information
can be found in the netfilter-ha mailing list archive (yes, I know,
that list seems to be dead as well).
Unfortunately Harald does not seem to have the time necessary to work
on this project right now, and neither do I. (Apart from this, I also
don't have the devices necessary to do _any_ testing apart from
compiling the code...)
Sorry for the late answer, but the case is that I very rarely read the
'netfilter' mailing list.