[Gllug] IPv6 and firewalls

Bruce Richardson itsbruce at workshy.org
Tue Aug 11 23:28:58 UTC 2009


On Tue, Aug 11, 2009 at 11:57:55AM +0000, Chris wrote:
> > This is my preferred approach to firewalling.  It used to require a lot
> > of patching and building of custom utilities but everything you need is
> > in the default kernels for most distributions these days.
> > 
>    I assume that it would not be possible to install a pair of boxes for
> fail-safe operation because they would send streams of duplicate packets,
> even when set for established links only. 

There's more than one way to do HA safely with invisible firewalling
bridges.  Spanning tree support is integral to the Linux bridging
support, but of course that makes the boxes slightly less invisible.
There are alternative network configurations involving separate cable
connections and Heartbeat (or an equivalent tool), which would preserve
the invisibility.

-- 
Bruce

I see a mouse.  Where?  There, on the stair.  And its clumsy wooden
footwear makes it easy to trap and kill.  -- Harry Hill