Re: best way to install/update software and firewall choice



Guy Marcenac wrote:
> Hi,
>
> I am an old Debian user and I am looking at FreeBSD for security reasons
> * I am very interested in the jail concept
> * I have to relearn iptables syntax each time I want to add a rule

Don't we all :)

> I am testing the system in a VMware virtual machine.
>
> There is a point I don't fully understand. There are several ways of
> updating the system, from precompiled binaries or by recompiling the
> system and the ports (and using csup, portsnap, portupgrade ...).

To update your base system, you can use freebsd-update. This uses
precompiled binaries and also updates the relevant sources (assuming you
have them installed beforehand and you are using the default
freebsd-update configuration - which is recommended). However if you are
going to run jails, this advantage is more or less defeated: you will have
to run 'make buildworld' anyway to install the result in the jails.

> I would prefer to use the first way because it is really faster, but
> it seems to me that when I want to update my jails, there is no other
> easy way than recompiling the whole world into my jails.

Yes, unless you can somehow run freebsd-update from inside a jail :)
Don't know if this will work though. It will probably fail trying to
patch the kernel.

If you use freebsd-update you will only 'make installworld' for the
jails, as the 'host' will be taken care of by freebsd-update binary
patching. You still need the make buildworld step, so you don't really
gain much.

> The other point a bit confusing is that I don't know which firewall to
> use. My first guess would be to use pf, because it exists also on
> OpenBSD, but it seems that the default would go to ipfw.


I am using pf too. It is a matter of preference and features needed. I
suggest you read the Handbook chapter and decide for yourself.

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"


