This page has moved. Please go here
Lundman's Unix Projects

NetBSD Rules!
About .  Features .  Source .  Changelog .  Screenshots .  Example config . 
L4 Health Check Daemon for IP Filter.

  • Define as many clusters, with as many members as you need.
  • Automatically adds and removes "ipnat" rules as needed.
  • Flexible health check support, tcp-open, tcp-close, udp-open, udp-close, system.
  • Simple scripting available for health checks in send/expect syntax with fnmatch pattern comparison
  • Binary protocol supported in url-encoding style syntax (eg %0D)
  • system() like execution of external commands available. (spawn your own health-check testers)
  • Reload and restart leaving last-known-state available for less service impact.
  • SSL supported for TCP testers.
  • Optional IPF rules to sense RST return-packets for faster failure detection.
Please note, it will probably only work with recent versions of "IPFilter", such like V4.1 and above. It also requires to be compiled against IPFilter's header files (ip_fil.h, ip_nat.h, etc) but these are often not included with the Operating System.

News: Just added support to execute the "ipnat" command for better support and portability. This is not as efficient as using ioctl()s but much easier to compile. It should work with nearly all versions of IP Filter without any modifications to the OS.

Available in CVS under "l4ip"
Earlier (latest stable) tarball is available here:


Not much use for screenshots in daemons!
screen shot 1

  Example config