Allow/Deny hosts using lagg failover port.

[flx-]

Hi guys, its there a way to allow/deny hosts automatically when using a lagg failover port?. Let me explain my enviroment, i have 2 ISP, the main one acting as my master port link for the lagg failover configuration and the other one as my failover port of the config, the question is, how can i control wich hosts make use of the failover port (since this is the slowest one) every time this comes up on the lagg interface, rather than allowing the entire network, as the master port do for the lan as default?.

Im using FreeBSD 6-STABLE

pf as fw and squid 2.7-STABLE as proxy

Thanks in advance.

 

[Orum]

I can think of a few ways to do this. The simplest is, well, not using lagg for failover, and doing this via routing and running pf's filtering on different interfaces. If you still need lag for physical failover, use VLANs on top of it to get different interfaces to filter on.

If you really need lagg, you could probably set up some hackish script to parse output of ifconfig periodically and load a different ruleset on a change, or write a program to do something of a similar fashion via the API. Either way, it looks ugly. Perhaps some guru will know of a better way .

I'm curious, why are you still on 6, and STABLE at that?