General Discussion / Will manually built/installed packages on OPNsense break with OPNsense updates?
« on: October 21, 2020, 09:44:47 am »
Hi,
for a number of reasons that are not important here, I want to run some VMs in Bhyve on my OPNsense box (homelab).
Since setting this up needs to happen outside OPNsense default features, building the libraries from the ports tree, etc., my question here becomes: what happens when an OPNsense update is installed? Is there a chance that the Bhyve setup will break somehow, and if so, how likely is that to happen and are there ways to minimize those chances or perhaps avoid that scenario entirely (other than just not doing this kind of thing on an OPNsense box obviously)?
I suppose this question could be generalized to any scenario where one needs/wants to run additional packages that need to be manually built and installed from the ports tree.
PS: I'm aware of the controversy around adding a virtualization layer to a firewall OS, adding tons of libraries, code, and as a consequence potential attack vectors, etc.
To anyone feeling the need to raise these concerns, I say: duly noted, I appreciate it and I do understand, but this is not the point of this topic.