I'm curious,

How does everyone maintain their firewalls when patching them?  Do you use
CVS or a manual patch?  Or do you compile things on a separate system and do
a "binary patch" on the firewall?

It would seem that CVS (tracking -stable) is the best way.  The problem with
this, though, is you have to put the compiler on the firewall.  Ideally you
want your firewall stripped down.  But since you need to compile patches, it
seems hard to avoid.

Comments?

Apologies as I realize this is not technically a pf question, but I am
interested in the case of a firewall, not a general purpose machine.

<> Jim

