You know. The way the package system is setup now, we should be able to get bad packages I to pfsense in a better way. I wonder if we can have a chroot environment and a manually installed packages part of pfsense.
On May 16, 2017 6:12 PM, "Steve Yates" <[email protected]> wrote: Supposedly one can just install FreeBSD packages (https://doc.pfsense.org/ index.php/Installing_FreeBSD_Packages ) along with manually installing any dependencies, but as the page says it "may break the firewall." -- Steve Yates ITS, Inc. -----Original Message----- From: List [mailto:[email protected]] On Behalf Of Sean Cavanaugh Sent: Tuesday, May 16, 2017 4:59 PM To: pfSense Support and Discussion Mailing List <[email protected]> Subject: Re: [pfSense] How To install MySQL on Pfsense 2.4 Best practice is to run as few services as possible on a firewall to reduce the possible attack footprint. The more services you run on the firewall, the more vulnerable it becomes to being broken into. That is why the recommendation to virtualize the box and at least logically partition the services away from affecting the firewall. -----Original Message----- From: List [mailto:[email protected]] On Behalf Of [email protected] Sent: Tuesday, May 16, 2017 8:04 AM To: pfSense Support and Discussion Mailing List <[email protected]> Subject: Re: [pfSense] How To install MySQL on Pfsense 2.4 Am 2017-05-16 13:30, schrieb Sean Cavanaugh: > The only sane way to do this on a single box would be by installing a > hypervisor on the server ( such as VMware ESXi) and running pfsense as > a virtual machine within it as well as a second virtual machine to > host any other non-firewall related applications (MySQL, FreeRADIUS). > > There is obviously going to be a performance hit from sharing the > resources but should be minimal if all you are doing is hosting a user > database and RADIUS server for pfSense. While it may not be the most clever idea, technically it should be possible, right? I'm not too familiar with the inner workings of pfSense - but I assume there is a partition or directory in the installation that (provided pfSense is installed on a HD and not a read-only medium) persists data over reboots. One would need to start it with that directory as dbdir. It's possible to run Snort, haproxy. So, why not MySQL? OP will have to learn how to create packages, and store the configuration: https://doc.pfsense.org/index.php/Developing_Packages _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
