Any commercial firewall product can be reconfigured without the need for downtime; having to reboot a machine just to add a simple port forward (for example) is ridiculous.
I work in a large corporate environment where downtime is a dirty word, all other businesses I've ever worked in / with would not accept that scenario, quite simply it's a product which would not meet the basic requirements that any reasonably sized company (or a lot of small companies) require. I would not want to have to come in out of hours and reconfigure and reboot a firewall, test the config, change it if necessary, repeat until done. You simply can't do things like that during the day when you have business dependent systems which require a full time internet connection. Some places I've worked operate 24/7/365 and any downtime (yes even a minute or so for a reboot) would lose them money.

JeremyB.

> From: Martin Baehr <[EMAIL PROTECTED]>
> Date: 2002/02/15 Fri AM 02:41:05 GMT+12:00
> To: [EMAIL PROTECTED]
> CC: Matthew Gregan <[EMAIL PROTECTED]>, Linux-Users <[EMAIL PROTECTED]>
> Subject: Re: Re: Running Linux Firewalls in a halted state (i.e. runlevel 0!)
>
> not true, another security measure would be to run the system off
> a cdrom (have it send logs to another machine)
> then reconfiguring would mean writing a new cd image,
> which means you would do it from another machine,
> then throw in the new cd into your "secure" machine
> reboot and off you go, minimal downtime.
>
> greetings, martin.
> --
> i am looking for a job anywhere in the world, doing pike programming,
> caudium/pike/roxen training, roxen/caudium and/or unix system administration.
> --
> pike programmer Traveling in Singapore (www|db).hb2.tuwien.ac.at
> unix (iaeste|bahai).or.at (www.archlab|iaeste).tuwien.ac.at
> systemadministrator (stuts|black.linux-m68k).org mud.at is.(schon.org|root.at)
> Martin B"ahr http://www.iaeste.or.at/~mbaehr/
