Re: PF and a feature I requested weeks ago
On Sun, 1 Aug 2004 19:18:54 -0500 (CDT)
"L. V. Lammert" <lvl@omnitec.net> wrote:
> On Mon, 2 Aug 2004, van Helsing wrote:
>
> > PFSYNC is a useful feature of PF but it has one big disadvantage:
> > I need a direct cable connection to the other PC.
> >
> > The only way to sync all FWs in my VPN is that I have a script which
> > notices when the PF.conf has changed (e.g. because of SNORT) and which
> > logs in to all the other servers/FWs, replaces the PF.conf and reboots
> > the FW.
> >
> What about rsync to propagate pf.conf, and a cron job to look for
> updates and restart?
>
> Lee
Is RSYNC part of the OS?
I normally take just the things OpenBSD provides by default because that
minimizes the risk.
And because of, e.g., somebody who has cracked the VPN, I prefer using
encrypted transfers if something leaves my local network.
And the PF.conf is a file I normally won't let other people read.
I think that could be done more easily with an improvement in pf-sync.
And much more securely, because don't expect that somebody can KNOW all
services correctly.
I think if somebody who isn't an administrator sets up sendmail, apache,
rsync, cvs-mirror, he could make mistakes an admin won't make because of
the experience, or? And I hope OpenBSD is an OS for all and not for such
31337-guys *just joking, but think also of the masses* :-D
vh