[Shorewall-users] to update or not to update

Tom Eastep teastep at shorewall.net
Tue Jul 15 00:06:35 PDT 2003

On Mon, 2003-07-14 at 15:41, Richard wrote:

> Given that my system has become fairly important and I really need it to be 
> reliable, would it be wise for me to mess with a stable setup by upgrading 
> Shorewall.  Will an upgrade buy me anything given that I  am planning to 
> start using VPN and VNC?
> Any comments or suggestions, anyone?

I see upgrades as a "pay me now or pay me later" trade off. Upgrading
regularly spreads out the pain into small doses. If you get a long way
behind and then suddenly discover that you need a feature that isn't
available in your release, you will have to wade through lots of
"Upgrade Issues" and try to decipher which of the issues apply to you
and which don't.

With respect to your current release (1.4.2) and VPN/VNC:

a) VNC is a simple TCP application; the only thing remotely tricky about
it is that as with X, the VNC port number varies with the display

b) There have been no VPN-specific changes since 1.4.2.

Finally, when upgrading after you get behind I recommend that you don't
pick the current release (especially if it has just come out) and of
course don't pick a release that had disastrous bugs that required an
immediate follow-on release to correct (yes, I have produced several of

Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-users mailing list