Tom Eastep wrote:
> On Fri, 2007-08-24 at 12:20 +1000, James Gray wrote:
> 
>>
>> "Nearly 100%"...yes.  Try up-selling that to management who won't even 
>> give me 15 minutes of downtime on a weekend :P
>>
> 
> If your management demands that level of up-time then they surely must
> provide you with one or more test firewalls where you can verify new
> software releases in a semi-live environment.

It's not so much that the firewall is uber-critical, it's a cultural 
thing.  Upgrades take a while as the paranoia of "down time" is high. ;)

> And even if the misers don't do that for you, you are running Shorewall
> 3.4; so you can:
> 
> shorewall compile <configuration> <firewall-a> #under shorewall 3.4
> 
> and
> 
> shorewall compile <configuration> <firewall-b> #under shorewall 4.0
> 
> then:
> 
> diff -au <firewall-a> <firewall-b>

Good idea - I haven't even thought that far through it yet, but that 
looks like it will save some time.  Thanks.

> This firewall stuff really isn't as complicated as brain surgery....
> 
> -Tom (who has worked in the ultra high-availability market sector since
> 1980).

You beat me by about a decade :D

-- 
James

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
