View Single Post
  #2   (View Single Post)  
Old 30th September 2010
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by zazen View Post
Is there anyone who could help me with some links or some method of updating a firewall running OBSD/PF ?
It is worth studying the Upgrade Guide:

http://www.openbsd.org/faq/upgrade47.html

Also, installing from USB was discussed here some time back:

http://www.daemonforums.org/showthread.php?t=4576
Quote:
The book "building firewalls with OB & PF" only states that it is unwise to install the compiler on a firewall.
This is not a hard & fast opinion. In fact, the project developers were arguing on misc@ that not having a compiler available causes too many to take less than secure shortcuts:

http://marc.info/?t=114654956200001&r=1&w=2
Quote:
Building the packages on a remote machine is all very well but, once the packages are installed on the remote machine how can I possibly figure out how to get all that stuff on the firewall...
Install the packages on the firewall pointing PKG_PATH to the build machine.
Quote:
... or what exactly has to be moved changed updated etc....
Figuring out what needs to be upgraded has been recently discussed here:

http://www.daemonforums.org/showthre...3873#post33873
Quote:
for that matter, some of these "make install"s spit out a couple of pages of output onto the terminal.
I suspect you are saying the firewall is running headless. If connecting to the firewall via SSH is not possible on the internal interface, why not connect a null modem cable from a laptop & monitor updates/installations from a serial connection?
Reply With Quote