On Sat, Apr 30, 2011 at 1:34 AM, George Georgalis <geo...@galis.org> wrote:
> Nico, I don't know what your "risk" is, but if it's a perimeter
> box running pf and ssh maybe consider running on cflash or usb
> stick? Or one of those bootable cdroms? I log to a ram fs so I
> think the only media writes are for ntp.drift, and yes I'm more
> concerned about the other hardware failing than the OS media.
>
> -George

Those are not really OpenBSD issues, but architectural ones you're addressing. It's also hosting upload/download content, so non-writable OSes are not going to work: if I could gracefully and quickly do it, I'd actually make it a live CD based setup, but configured user SSH keys and uploaded files need someplace to be.

You've raised an interesting point with flash hardware. How well is that working for you? Note that I have significantly more write traffic because the host is an SFTP/SCP server as well as mere SSH passthrough.