marko.cu...@mimar.rs (Marko Cupać), 2014.02.19 (Wed) 12:38 (CET):
> I need to deploy a number of openbsd firewalls based on alix2d13
> hardware. The goal is to separate industrial network from LAN, in order
> to protect unpatched systems on industrial network from potential
> malware on LAN, while providing some level of access (mostly
> low-traffic VNC from LAN to industrial and sql in the opposite
> direction).
> 
> The problem is that we have a very unstable power grid, resulting in
> unclean shutdowns of devices. I cannot UPS them all.
> 
> How can I configure firewalls so they are resistant to those power
> failures (i.e. do not need fsck)? How should I partition? Which partitions
> should be mounted read-only? Which should be mounted as memory disks? Which
> size should I allocate for memory disks (RAM is a constraint here as I
> have only 256Mb)? Any other advice?

I'm not recommending, just telling what I do.

I have two alixes with smallish SSDs and found that with
``fsck -p -y'' instead of ``fsck -p'' in rc(8) it is fast enough on
unclean reboots. It's incredibly fast.
As fsck -y implies, I do not have valuable read/write mounted data on
these machines.

Just checked and your 2d13 got the ``44 pin IDE header''.

Layout of one of these:

wd0 at pciide0 channel 0 drive 0: <TS64GSSD25-M>
wd0: 1-sector PIO, LBA48, 61136MB, 125206528 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4

a: 206.7M               63  4.2BSD   2048 16384    1 # /
b: 502.0M           423360    swap                   
c: 61136.0M              0  unused                   
d: 302.7M          1451520  4.2BSD   2048 16384    1 # /tmp
e: 3506.8M         2071440  4.2BSD   2048 16384    1 # /usr
f: 2000.7M         9253440  4.2BSD   2048 16384    1 # /var
g: 2000.7M        13350960  4.2BSD   2048 16384    1 # /var/log
h: 25005.6M       17448480  4.2BSD   2048 16384    1 # /home
i: 27610.6M       68659920  4.2BSD   2048 16384    1 # /home/foo

/dev/wd0a on / type ffs (local, noatime, softdep)
/dev/wd0d on /tmp type ffs (local, noatime, nodev, nosuid, softdep)
/dev/wd0e on /usr type ffs (local, noatime, nodev, softdep)
/dev/wd0f on /var type ffs (local, noatime, nodev, nosuid, softdep)
/dev/wd0g on /var/log type ffs (local, noatime, nodev, nosuid, softdep)
/dev/sd0i on /vol/bigdata type msdos (local, nodev, nosuid, read-only, uid=1001, gid=0, mask=0775)

So, I see... I didn't even bother to mount /home and /home/foo or make
/usr read-only. This thingy is my home file/minidlna server and gets
its unclean shutdown almost every day. Consider logging to memory
buffer to keep the HDD/SSD as idle as possible.

Bye, Marcus
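
The mount listing in the reply above has every ffs partition mounted read-write, and those are the filesystems that can be left dirty by a power cut. As an added example (not part of the original message), this sh function reads mount(8)-style output and lists the ffs mount points that are still writable. The sample lines are the reply's own plus one constructed read-only /altroot entry, and mount points without spaces are assumed.

```shell
#!/bin/sh
# Added example: list ffs filesystems that are mounted read-write.
# Input on stdin: mount(8)-style lines, "<dev> on <dir> type <fs> (<opts>)".

writable_ffs() {
    awk '
    $2 == "on" && $4 == "type" && $5 == "ffs" {
        opts = $0
        sub(/^[^(]*\(/, "", opts)    # drop everything up to the "("
        sub(/\).*$/, "", opts)       # drop the closing ")" and anything after
        n = split(opts, o, /, */)    # options are comma separated
        ro = 0
        for (i = 1; i <= n; i++)
            if (o[i] == "read-only") ro = 1
        if (!ro) print $3            # writable: may need fsck after power loss
    }'
}

# Sample input: the mount lines from the message above, plus one
# constructed read-only ffs line (/altroot) to show the contrast.
sample_mounts() {
    cat <<'EOF'
/dev/wd0a on / type ffs (local, noatime, softdep)
/dev/wd0d on /tmp type ffs (local, noatime, nodev, nosuid, softdep)
/dev/wd0e on /usr type ffs (local, noatime, nodev, softdep)
/dev/wd0f on /var type ffs (local, noatime, nodev, nosuid, softdep)
/dev/wd0g on /var/log type ffs (local, noatime, nodev, nosuid, softdep)
/dev/sd0i on /vol/bigdata type msdos (local, nodev, nosuid, read-only, uid=1001, gid=0, mask=0775)
/dev/wd1a on /altroot type ffs (local, nodev, nosuid, read-only)
EOF
}

# On a live system, replace sample_mounts with: mount
sample_mounts | writable_ffs
```
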
