On Thu, Aug 23, 2007 at 07:36:14PM -0700, Tom Eastep wrote: > On Fri, 2007-08-24 at 12:20 +1000, James Gray wrote: > > > > > > > "Nearly 100%"...yes. Try up-selling that to management who wont even > > give me 15 minutes of downtime on a weekend :P > > > > If your management demands that level of up-time then they surely must > provide you with one or more test firewalls where you can verify new > software releases in a semi-live environment. > > And even if the misers don't do that for you, you are running Shorewall > 3.4; so you can: > > shorewall compile <configuration> <firewall-a> #under shorewall 3.4 > > and > > shorewall compile <configuration> <firewall-b> #under shorewall 4.0 > > then: > > diff -au <firewall-a> <firewall-b> > > This firewall stuff really isn't as complicated as brain surgery.... > > -Tom (who has worked in the ultra high-availability market sector since > 1980).
Besides, hardware is cheap. Have them get you a box on which you can install Xen, then setup some domUs in a configuration that you can test your firewall. Identify some "critical" tasks or functions and make sure that those work. If your management has a problem spending money on that, figure out how much an hour or a day of downtime costs them and then have them compare that to the price of a single machine. Besides, a machine that can run Xen for the testing you need can easily be had for under US$3000. If they still don't budge, then I recommend you send your story to the folks over at http://worsethanfailure.com :-) Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
