On Wed, Sep 07, 2011 at 12:26:15AM +0700, Pandu Poluan wrote
> So, can anyone recommend me a filesystem that fulfills my following needs:
> 
> Scenario: vFirewall (virtual Firewall) that is going to be deployed at
> my IaaS Cloud Provider.
> 
> Disk I/O Characteristic: Occasional writes during 'normal' usage,
> once-a-week eix-sync + emerge -avuD
> 
> Priority: Stable (i.e., less chance of corruption), least CPU usage.
> 
> My Google-Fu seems to indicate either XFS or JFS; what do you think?

  Try "thinking outside the box".  Do you really need more than extfs2?
That should be the ultimate in low-overhead writing on the device.
Another option is to send the log data out on UDP port 514 to be logged
on another machine.  A cute trick is to have /etc/conf.d/net as follows

config_eth0="
192.168.123.2/24 broadcast 192.168.123.255
"
routes_eth0="
default via 192.168.123.254
"

  And then send the log data to the broadcast address 192.168.123.255
UDP port 514.  Any computer with the same broadcast address can receive
the log data.  You can even have multiple computers sending out, and
multiple computers receiving.  One of the first things an attacker does
after compromising a machine is to wipe the logs on that machine to
cover his tracks.  If the log data goes to multiple different machines,
it will be much more difficult to wipe.

  Another strategy, on the paranoid side, is to have the router sending
logs to a machine like 192.168.123.45, and also have a machine on a
totally different IP address (e.g. 10.0.0.1) with its NIC set to
"promiscuous mode", listen for and save the log data.

-- 
Walter Dnes <waltd...@waltdnes.org>
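
The receiving side of the broadcast-logging setup described above, as an added example that is not part of the original message: a small Python listener that archives every UDP port 514 datagram with its arrival time and source address. The function names and the archive file name are assumptions made for illustration, and binding port 514 normally requires root.

```python
import re
import socket
import sys
from datetime import datetime, timezone

# BSD syslog encodes PRI as facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert",
              "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"<([0-9]{1,3})>")


def parse_pri(datagram):
    """Return (facility, severity, text); datagrams with no valid PRI are kept as 'unparsed'."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    match = PRI_RE.match(text)
    if match and int(match.group(1)) <= 191:
        pri = int(match.group(1))
        return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text[match.end():]
    return "unparsed", "unparsed", text


def format_record(source_ip, datagram, received_at):
    """Build one archive line, stamped by the receiver rather than trusting the sender."""
    facility, severity, text = parse_pri(datagram)
    # UDP syslog is unauthenticated: escape control characters so a single
    # datagram cannot inject extra, forged lines into the archive.
    safe = "".join(c if c.isprintable() else f"\\x{ord(c):02x}" for c in text)
    return f"{received_at.isoformat()} {source_ip} {facility}.{severity} {safe}"


def serve(archive_path, port=514):
    """Append every received datagram to archive_path until interrupted."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", port))  # the wildcard address also receives subnet broadcasts
    with open(archive_path, "a", encoding="utf-8") as archive:
        while True:
            datagram, (source_ip, _port) = sock.recvfrom(8192)
            now = datetime.now(timezone.utc)
            archive.write(format_record(source_ip, datagram, now) + "\n")
            archive.flush()  # keep the on-disk copy current


if __name__ == "__main__":
    serve(sys.argv[1] if len(sys.argv) > 1 else "remote.log")
```

Running the same listener on several machines in 192.168.123.0/24 gives each of them an independent copy of the logs.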
