Back around that time I remember running such a firewall OS on a floppy disk. You would set the floppy readonly, and you could update the floppy by taking it out. It ran entirely in RAM. I forgot the name, it was either Linux 2.0.x or 2.2.x. I don't even remember if settings were kept after reboot. I installed it for a friend of a friend in his student apartment.
Years later, I gave a daughter of a friend of my mother my old PC. It would boot up a Linux live CD. That, too, is immutable, and you'd update it by burning a new live CD.
But where did we arrive to this? Well, computers had all services enabled for some reason (not with big bad internet in mind, but LAN). And updates were distributed via CDs or different media. Some airgapped environments are still going to work akin to that. Now, if the devices are connected to internet, they have to be updated because security vulnerabilities are going to have been discovered.
Years later, I gave a daughter of a friend of my mother my old PC. It would boot up a Linux live CD. That, too, is immutable, and you'd update it by burning a new live CD.
But where did we arrive to this? Well, computers had all services enabled for some reason (not with big bad internet in mind, but LAN). And updates were distributed via CDs or different media. Some airgapped environments are still going to work akin to that. Now, if the devices are connected to internet, they have to be updated because security vulnerabilities are going to have been discovered.