Am 24.04.2012 10:50, schrieb Gerald A:
Well, I'm sure you've heard of "never change a running system"... and my 2.0.1 installations are running just fine right now, and that's the way I like them. ;-)I'm usually a pretty ardent follower of this rule myself -- except when it comes to outside facing systems. With anything that is pointing in the direction of the "outside", whether that be the Internet or other hordes you don't want having extra access to your internal networks, you really have to work a bit harder to keep it up to date.
Uh, don't get me wrong, I'm all for timely updates that fix security issues. I just don't want to drag fancy stuff along that I don't need. And at present, that's what full IPv6 support is for me.
My suggestion is that you have a couple of boxes to do this -- you don't need anything too fancy or expensive for the second box -- and then you can simply upgrade the second one, swap them to see if there are issues and quickly swap back if there are any, and when you get your "warm fuzzy" feeling, upgrade the original.
This works fine when you're on-site to pull the plug on a misbehaving system, but not with remote locations where your only access is through the firewall that you're updating.
-Stefan _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
