On 12/15/2009 03:50 PM, Jonathan Thornburg wrote:
> For example, 2 years ago I set up a home firewall using a 1GB
> Kingston CF card. For precisely the reasons Nick Holland outlined,
> I used a standard OpenBSD install (done by plugging the CF card into
> a USB-to-CF adaptor and then connecting the USB to my laptop). The
> only "interesting" things I did to reduce writes [and boost performance;
> the WRAP is a slow 586-class processor with only 128MB memory] were to
> make /tmp and /usr/tmp mfs, mount /usr readonly, and mount /var softdep.
> For the present discussion, what's relevant is that although I planned
> to try to make more of the disk readonly (maybe putting the often-written
> parts of /var into mfs), I never got around to doing so.

I did the whole "everything writeable in mfs" thing on my 5501. It was
a PITA (took about 3 installs to get it right), but a learning
experience. Good thing OpenBSD installs in about 10 minutes :)

The only reason I can really think of to do this, and the reason I did
it, is to make the Soekris "unpluggable" -- that is, I can yank the
power cord and my filesystems can't be corrupted by it. How important
that is depends on your situation. If you are the only one
using/adminning the thing, it's not really important. If you are not,
and you may not always be near it to do a manual fsck when it does get
unplugged (and know that it needs to be done because they are usually
run headless), then "unpluggability" may have more significance. I'd
venture a guess that in most cases, it is not worth the trouble. This
box is my home firewall, and I only did it as a learning exercise for
some future installs I will likely be doing at work. I'm considering as
an alternative, though, a standard install with a written procedure for
others (non-Unix-savvy people) to do the fsck if the need arises.

I used a similar install method, running the OpenBSD CD installer under
Sun's VirtualBox with the CF in a USB adapter as my "hard disk". Worked
great.