Decius wrote:
] Reknamorken wrote:
]
] ] Is this a potential mechanism for maintaining state on a
] ] couple of VRRP'ed OpenBSD pf firewalls???
] ]
] ] I know it's not what it's intended for, but you might be
] able
] ] to leverage his MAT capability in such a way.
]
] Hrm? I don't see how this helps. Its a proof of concept of the
] stuff from his defcon talk. The fact that you are "natting at
] layer 2" really doesn't help you move information between two
] gateways. Maybe you see something I don't...

They will both receive/process packets going through. Just block the packets on the secondary in and out. It will maintain it's own state. Roughly anyway.

Failover by having the secondary just stop being blocked.

RE: Slashdot | Black Ops of TCP/IP: Paketto Keiretsu 1.0 Release