[Linux-ha-dev] problem with Route resource script

[Sebastian Reitenbach]

Michael Schwartzkopff <misch at multinet.de> wrote: 
> Am Mittwoch, 22. Oktober 2008 10:05 schrieb Sebastian Reitenbach:
> > Hi,
> >
> > I use the linux-ha 2.1.4 rpm's on opensuse 11, to manage a firewall.
> > The firewall has multiple vlan interfaces, without IP addresses in the
> > networks. The virtual IP addresses are managed via heartbeat.
> > The slave is unable to set a default route, and other routes needed on 
the
> > firewall, because it doesn't have an IP address in these networks yet.
> 
> Give the nodes dedicated IP addresses manged by the system itself and 
cluster 
> IP adderesses manged by CRM. Of course you will have to fix you policies 
for 
> the INPUT CHAIN, since on the active node every interface will have two IP 
> addresses.

I only have physical addresses on one interface. On the others, I don't want 
to add additional IP addresses. As a firewall cluster, it is a security 
related system, I want to keep it as easy as possible. Therefore I do not 
want to add additional IP addresses to the firewall, just only to please the 
cluster resource script. 
If one of my proposed changes is not wanted, then its easier for me to 
maintain my own Route resource script, with just the validate_route 
commented out, before I go and add additional IP addresses to the 
firewall ;)
However, if someone says, that small addition could be added to the script, 
I'd prefer to provide a patch to add a parameter to be able to disable the 
validation of the other routing related parameters.


thanks
Sebastian