|
||||||||||
Just for the sake of argument, on the topic of best practices, I can think of a couple of reasons not to. 1. Your firewall is already a single point of failure. Creating an external dependency adds another fail point to that single point of failure. 2. You're at least doubling the likelihood of your firewall being tampered with as there are now 2 potential breech points. Of course (1) could be addressed by having a failover bootp server, in which case you may actually increase your overall MTBF. And to (2) you could say "that's what the firewall is for", but everyone knows there is virtually nothing that is 100% impenetrable. Depending on how mission critical your environment, and your risk tolerance level, it may not be an issue. I'm just playing devil's advocate. Greets, Josh McAllister -----Original Message----- From: Justin Ellison [mailto:justin at techadvise dot com] Sent: Thursday, January 20, 2005 7:03 AM To: Henning Wangerin Cc: m0n0wall at lists dot m0n0 dot ch Subject: Re: [m0n0wall] PXE-booting monowall It's the recommended way to develop for m0n0wall. Follow directions here: http://www.m0n0.ch/wall/hack/ On Thu, 2005-01-20 at 12:54 +0100, Henning Wangerin wrote: > Hi! > > I was thinking (yes I know - very bad ;-)) > > Why not also have a m0n0wall variant that boots via PXE? > > My idea i to place the boot image on my server that is already handling > pxe-boot for a number of thin clients on my network, so it would be easy > to setup a separate dhcp-config on the server to handout the boot-image > to the m0n0wall-box. > > Any good reasons that it shouldn't be done? > -- --------------------------------------------------------------------- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch |