Date: Sat, 31 Oct 2009 05:20:03 -0700 From: phantomcircuit <phantomcircuit@covertinferno.org> To: freebsd-questions@freebsd.org Subject: Re: best way to install/update software and firewall choice Message-ID: <4AEC2B73.3020505@covertinferno.org> In-Reply-To: <4AEC28B1.5050103@otenet.gr> References: <4AEC1729.6000307@posteurs.com> <4AEC28B1.5050103@otenet.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
freebsd-update works fine in a jail so long as you symlink the kernel file to /dev/null Manolis Kiagias wrote: > Guy Marcenac wrote: > >> Hi, >> >> I am an old debian user and I am looking at freebsd for security reasons >> * I am very interested in the jail concept >> * I have to relearn iptables syntax each time I want to add a rule >> > > Don't we all :) > > >> I am testing the system in vmware virtual machine. >> >> There is a point I don't fully understand. There are several ways of >> updating the system, from precompiled binaries or by recompiling the >> system and the ports (and using csup, portsnap, portupgrade ...). >> > > To update your base system, you can use freebsd-update. This uses > precompiled binaries and also updates the relevant sources (assuming you > have them installed beforehand and you are using the default > freebsd-update configuration - which is recommended). However if you are > going to run jails, this advantage is more less defeated: you will have > to run 'make buildworld' anyway to install the result in the jails. > > >> I would prefer to use the first way because it is really faster, but >> it seems to me that when I want to update my jails, there is no other >> easy way than recompiling the whole world into my jails. >> >> > Yes, unless you can somehow run freebsd-update from inside a jail :) > Don't know if this will work though. It will probably fail trying to > patch the kernel. > > If you use freebsd-update you will only 'make installworld' for the > jails, as the 'host' will be taken care of by freebsd-update binary > patching. You still need the make buildworld step, so you don't really > gain much. > > >> The other point a bit confusing is that I dont know which firewall to >> use. My first guess would be to use pf, because it exists also on >> openbsd, but it seems that the default would go to ipfw. >> >> > > I am using pf too. It is a matter of preference and features needed. I > suggest you read the Handbook chapter and decide for yourself. > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AEC2B73.3020505>