[Discuss] iGuardian "enterprise-grade" home router
Richard Pieri
richard.pieri at gmail.com
Sat Sep 13 21:39:10 EDT 2014
On 9/13/2014 4:46 PM, Tom Metro wrote:
> OpenWRT supports optware package management, for example. You should be
> able to update packages on the fly, without a device reboot. (I've
> installed packages this way on my routers running Tomato USB.)
Try doing that with the kernel. Last I looked, Tomato's optware
repository doesn't include kernels.
OpenWRT's optware repository does have kernels but they're covered in
caveats that you're likely to brick your device if you try to install
them. The supported kernel update method for OpenWRT is Sysupgrade which
erases what is there and flashes a pristine system image. Just like I
described.
So yeah, I stand by my notion of how embedded systems work. Empirically,
that's how they work.
> Personally, I'd rather have a router/firewall appliance in which the
> firmware can't be altered without a physical switch being flipped on the
> device.
I've deployed and managed a few enterprise grade firewall appliances
like Borderware and Firewall-1. This is not a feature typically found on
such devices. Borderware, at the time running on FreeBSD, required a
restart in single-user mode to perform major changes because the root
file system was normally mounted read-only. Firewall-1 varies with the
foundation: IPSO, Solaris and Windows/NT all behave differently.
I can't recall seeing a consumer grade gateway with a feature like this.
Not a physical switch, anyway.
--
Rich P.
More information about the Discuss
mailing list