 From:  "Josh McAllister" <josh at bluehornet dot com>
 To:  "Justin Ellison" <justin at techadvise dot com>, "Henning Wangerin" <mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] PXE-booting monowall
 Date:  Thu, 20 Jan 2005 11:01:04 -0800

Just for the sake of argument, on the topic of best practices, I can
think of a couple of reasons not to.

1. Your firewall is already a single point of failure. Creating an
external dependency adds another fail point to that single point of
failure.
2. You're at least doubling the likelihood of your firewall being
tampered with as there are now 2 potential breach points.

Of course (1) could be addressed by having a failover bootp server, in
which case you may actually increase your overall MTBF.

And to (2) you could say "that's what the firewall is for", but everyone
knows there is virtually nothing that is 100% impenetrable.

Depending on how mission critical your environment, and your risk
tolerance level, it may not be an issue. I'm just playing devil's
advocate.

Greets,
Josh McAllister

-----Original Message-----
From: Justin Ellison [mailto:justin at techadvise dot com] 
Sent: Thursday, January 20, 2005 7:03 AM
To: Henning Wangerin
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] PXE-booting monowall

It's the recommended way to develop for m0n0wall.  Follow directions
here:

http://www.m0n0.ch/wall/hack/

On Thu, 2005-01-20 at 12:54 +0100, Henning Wangerin wrote:
> Hi!
> 
> I was thinking (yes I know - very bad ;-))
> 
> Why not also have a m0n0wall variant that boots via PXE?
> 
> My idea is to place the boot image on my server that is already handling
> pxe-boot for a number of thin clients on my network, so it would be easy
> to set up a separate dhcp-config on the server to hand out the boot-image
> to the m0n0wall-box.
> 
> Any good reasons that it shouldn't be done?
> 