firewall upgrade
Today, I deliberately took my firewall offline to upgrade it from OpenBSD 3.3-beta to OpenBSD 3.6-beta. 161 days of uptime isn't bad, is it?
Some pointers:
- When running a local OpenBSD install mirror, make sure you include
the file "CHKSUM". This file is not installed, but the OpenBSD
installer application looks for it to identify if there's a viable
installation at the network address you provide to it. This isn't
usually a problem if you're providing a complete mirror, but if you're
explicitly handling a small subset of files, say if you're keeping
them on a USB key and you need to pick and choose what you're going to
need, you must include it. Otherwise, when you connect to your file
server, the installer won't recognize the files.
- It never hurts to keep your bogon list up-to-date. pf understands it like so:

    table <bogons> { 0.0.0.0/7, 2.0.0.0/8, ...more bogons go here... 224.0.0.0/3 }
    block out quick on $ext_if from <bogons> to any
    block in quick on $ext_if from <bogons> to any

- You don't need to sync your clock to CWRU servers if you're running NetTime; you can get a stable SNTP connection by checking the box labeled "Allow other computers to sync to this computer". It works. It's funny, since my workstation can sync from CWRU's NTP servers without trouble, but the firewall can't. I don't want to solve this problem. I found a workaround, so I'm happy.
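One way to keep the bogon table from the pointer above current without hand-editing pf.conf, as an added example (not the author's code): a script that validates a downloaded list and produces the file for `table <bogons> persist file "/etc/bogons"`. The file path, the sample list and the `in_use` parameter are assumptions, and the script handles IPv4 only; `in_use` covers the case where the external interface sits on a private network that a bogon list would otherwise block.

```python
import ipaddress

# Constructed sample of a downloaded bogon list (not a current or complete list).
SAMPLE_LIST = """\
# constructed sample, one CIDR per line
0.0.0.0/8
10.0.0.0/8
192.168.0.0/16
192.168.1.0/24
224.0.0.0/3
"""

def parse_bogons(text):
    """Return the networks in a one-CIDR-per-line list; '#' starts a comment."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True rejects typos such as 10.0.0.1/8 (host bits set)
            nets.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return nets

def build_table(text, in_use=()):
    """Collapse the list and fail if it would block a network we depend on."""
    nets = list(ipaddress.collapse_addresses(parse_bogons(text)))
    for keep in map(ipaddress.ip_network, in_use):
        for net in nets:
            if net.overlaps(keep):
                raise ValueError(f"{net} overlaps in-use network {keep}")
    return nets

def to_pf_table_file(nets):
    """Text for a file loaded by: table <bogons> persist file "/etc/bogons" (assumed path)."""
    return "".join(f"{net}\n" for net in nets)

if __name__ == "__main__":
    print(to_pf_table_file(build_table(SAMPLE_LIST)), end="")
```

After writing the file, `pfctl -t bogons -T replace -f /etc/bogons` swaps the table contents without reloading the ruleset.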
Overall, upgrading OpenBSD is easy. It's slightly more complicated to reformat and reinstall OpenBSD and call it an "upgrade" like I did, but not by much. The hardest part is waiting for your blazing 100MHz Pentium processor to compile the source you intend to almost-never use.