Tom Eastep wrote: > On Fri, 2007-08-24 at 12:20 +1000, James Gray wrote: > >> >> "Nearly 100%"...yes. Try up-selling that to management who wont even >> give me 15 minutes of downtime on a weekend :P >> > > If your management demands that level of up-time then they surely must > provide you with one or more test firewalls where you can verify new > software releases in a semi-live environment.
It's not so much that the firewall is uber-critical, it's a cultural thing. Upgrades take a while as the paranoia of "down time" is high. ;) > And even if the misers don't do that for you, you are running Shorewall > 3.4; so you can: > > shorewall compile <configuration> <firewall-a> #under shorewall 3.4 > > and > > shorewall compile <configuration> <firewall-b> #under shorewall 4.0 > > then: > > diff -au <firewall-a> <firewall-b> Good idea - I haven't even thought that far through it yet, but that looks like it will save some time. Thanks. > This firewall stuff really isn't as complicated as brain surgery.... > > -Tom (who has worked in the ultra high-availability market sector since > 1980). You beat me by about a decade :D -- James ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
