Glenn Kelley wrote:
> write to the pfsense server not have pfsense pull :-)
> even if we just dump the xml feed onto pfsense box first
> not thinking clearly w/ 1 hour power nap

Surely it's safer for the internal servers to trust the firewall (i.e. firewall connects and pulls files, probably a pre-processed file, which is checked for sanity on the firewall before applying)? After all, if the firewall is compromised, you're in deep doo-doo! Letting internal servers (which provide a service to the public, and which should be in a DMZ and somewhat sacrificial, and depend on the firewall for protection) connect to the firewall and change its behaviour is LESS secure.

So, I'd say that RB is wrong and GK is right!
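
An added illustration of the "pull, then check for sanity on the firewall before applying" step described in the reply above; it is not code from the thread or from pfSense. It assumes the pulled file is a plain-text list of addresses or CIDR blocks to block, one per line; the function name, limits, protected network and sample input are all constructed for the example.

```python
import ipaddress

# Assumptions (not from the thread): one address or CIDR block per line;
# the limits and the protected network are constructed sample values.
MAX_ENTRIES = 1000
MIN_PREFIX = {4: 16, 6: 32}  # refuse any block broader than this
PROTECTED = [ipaddress.ip_network("192.0.2.0/24")]  # stand-in for the management net

# Constructed sample of what a compromised or buggy DMZ server might publish.
SAMPLE = """\
# pulled from internal server
198.51.100.23
203.0.113.0/28
0.0.0.0/0
192.0.2.10
198.51.100.9 pass all
2001:db8::/48
"""


def sanity_check(text):
    """Return (accepted_networks, rejected_lines) for a pulled file."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # strict=True also rejects blocks with host bits set
            net = ipaddress.ip_network(line, strict=True)
        except ValueError:
            rejected.append((raw, "not an address or CIDR block"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((raw, "block too broad"))
        elif any(net.version == p.version and net.overlaps(p) for p in PROTECTED):
            rejected.append((raw, "overlaps a protected network"))
        else:
            accepted.append(net)
    if len(set(accepted)) > MAX_ENTRIES:
        # An oversized file is itself suspicious: apply nothing, not a part.
        return [], [("<file>", "too many entries")]
    return sorted(set(accepted), key=lambda n: (n.version, n)), rejected


if __name__ == "__main__":
    ok, bad = sanity_check(SAMPLE)
    print("apply:", [str(n) for n in ok])
    print("refuse:", bad)
```

Only the accepted list would be handed to whatever applies rules on the firewall; the rejected lines are worth logging, since an internal server that publishes them is misbehaving.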