diff options
| author | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2005-02-03 17:51:13 +0000 |
|---|---|---|
| committer | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2005-02-03 17:51:13 +0000 |
| commit | de5dcfbcc9ef1f839679646c838677f7e882f3ed (patch) | |
| tree | ce53bdcd055772dd225825bb5f4c41466501636f /etc/ifstated.conf | |
| parent | 0a13b4121a45b492c104e476ae5bac68dea0cce4 (diff) | |
Simplify the ifstated syntax:
"carp0 link up" => carp0.link.up
"and" => &&
"or" => ||
* Allow one line actions after if statements without braces.
* Remove unecessary parentheses in the example config.
ok mcbride@
Diffstat (limited to 'etc/ifstated.conf')
| -rw-r--r-- | etc/ifstated.conf | 35 |
1 files changed, 14 insertions, 21 deletions
diff --git a/etc/ifstated.conf b/etc/ifstated.conf index 3b167c9b63b..a4e65d40e5a 100644 --- a/etc/ifstated.conf +++ b/etc/ifstated.conf @@ -1,4 +1,4 @@ -# $OpenBSD: ifstated.conf,v 1.4 2004/04/28 01:01:27 deraadt Exp $ +# $OpenBSD: ifstated.conf,v 1.5 2005/02/03 17:51:12 mpf Exp $ # This is a sample config for a pair of firewalls with two interfaces # # carp0 and carp1 have ip addresses on 192.168.3.0/24 and 192.168.6.0/24 @@ -10,28 +10,26 @@ # init-state primary # init-state backup -carp_up = "((carp0 link up) and (carp1 link up))" -carp_down = "((! carp0 link up) and (! carp1 link up))" -carp_sync = "((carp0 link up and carp1 link up) or \ - ((!carp0 link up) and (!carp1 link up)))" +carp_up = "carp0.link.up && carp1.link.up" +carp_down = "!carp0.link.up && !carp1.link.up" +carp_sync = "carp0.link.up && carp1.link.up || \ + !carp0.link.up && !carp1.link.up" # The "net" addresses are other addresses which can be used to determine # whether we have connectivity. Make sure the hosts are always up, or # test multiple ip's, 'or'-ing the tests. -net = '( "ping -q -c 1 -w 1 192.168.6.8 > /dev/null" every 10 and \ +net = '( "ping -q -c 1 -w 1 192.168.6.8 > /dev/null" every 10 && \ "ping -q -c 1 -w 1 192.168.3.8 > /dev/null" every 10)' # The peer addresses below are the real ip addresses of the OTHER firewall -peer = '( "ping -q -c 1 -w 1 192.168.6.7 > /dev/null" every 10 and \ +peer = '( "ping -q -c 1 -w 1 192.168.6.7 > /dev/null" every 10 && \ "ping -q -c 1 -w 1 192.168.3.7 > /dev/null" every 10)' state auto { - if $carp_up { + if $carp_up set-state primary - } - if $carp_down { + if $carp_down set-state backup - } } state primary { @@ -39,9 +37,8 @@ state primary { run "ifconfig carp0 advskew 10" run "ifconfig carp1 advskew 10" } - if ! $net { + if ! $net set-state demoted - } } state demoted { @@ -49,9 +46,8 @@ state demoted { run "ifconfig carp0 advskew 254" run "ifconfig carp1 advskew 254" } - if $net { + if $net set-state primary - } } state promoted { @@ -59,9 +55,8 @@ state promoted { run "ifconfig carp0 advskew 0" run "ifconfig carp1 advskew 0" } - if $peer or ! $net { + if $peer || ! $net set-state backup - } } state backup { @@ -71,9 +66,7 @@ state backup { } # The "sleep 5" below is a hack to dampen the $carp_sync when we come # out of promoted state. Thinking about the correct fix... - if ! $carp_sync and $net and "sleep 5" every 10 { - if (! $carp_sync) and $net { + if ! $carp_sync && $net && "sleep 5" every 10 + if ! $carp_sync && $net set-state promoted - } - } } |