...on Mon, Sep 05, 2005 at 03:35:19PM +0200, Stephan A. Rickauer wrote:
> Henning Brauer wrote:
> >you don't have to reinstall at all. hogwash by some people here. I have
> >about a hundred servers in production, some are upgraded ever since 2.7
> >times or so. upgrade typically takes us 5 minutes and one reboot a box.
> Well, I am thinking of using OpenBSD for our firewalls. Those I do want
> to upgrade regularly. Not because of features, but because of patches.

For a simple filtering firewall, you won't need to do much for an upgrade. Perhaps touching a few files in /etc according to the upgrade document, and if you use any ports or local binaries, getting them up to the current version. The basic layout of things hasn't been changed for a long time, it's not as if suddenly config files will have to be in a different directory because someone wants to be compatible with some standards document or so.

On the other hand, there's little incentive to upgrade such a setup at all (except for the exercise) - there are rarely catastrophic bugs that will be able to compromise your system, and throwing in a new version of things like openssh or zlib will usually work a couple of versions back from the current release, even if there's no formal patch.

(In reality, if there's a case where you really, really need to upgrade such a system after a few years, it will probably hurt - currently have that with a 3.3 box with so many local changes that it barely looks like OpenBSD anymore...).

Alex.