
List:       ipfilter
Subject:    Re: IP Filter and IPMP on Solaris 10 (ipf 3.0.4, pfil 2.1.4)
From:       Phil Dibowitz <phil () ipom ! com>
Date:       2006-11-30 1:32:09
Message-ID: 456E3499.9000204 () ipom ! com


Stuart Remphrey wrote:
> Thanks Jeff,
> 
> We've traditionally just used both interfaces in the IPF rules (Sol 9),
> but sometimes sessions seem to hang - not sure if that's the app
> or IPF+IPMP when the "other" interface is not standby, or when
> a failover occurs. Rules have "flags S keep state" or similar.

While it's still a safe bet to use the 'flags S' before keep state, much of 
the window issues surrounding the _need_ to do that are gone in modern IPF. 
So if you're bonding your interfaces, you can probably safely drop that (with 
the caveat that obviously people can create states without a SYN packet) to 
work around your problem.

-- 
Phil Dibowitz                             phil@ipom.com
Freeware and Technical Pages              Insanity Palace of Metallica
http://www.phildev.net/                   http://www.ipom.com/

"Be who you are and say what you feel, because those who mind don't matter 
and those who matter don't mind."
  - Dr. Seuss


