Another possibility, which we use here, is mounting "/" ro and holding any other partition in rw as mfs filesystems (namely /tmp, /home, /var/log and /var/db). Syslog goes to a central server.
These systems are managed via puppetd, and the client remounts "/" rw, runs, and remounts back to "ro".

On 19.02.2014 12:38, Marko Cupać wrote:
> Hi,
>
> I need to deploy a number of OpenBSD firewalls based on alix2d13
> hardware. The goal is to separate industrial network from LAN, in order
> to protect unpatched systems on industrial network from potential
> malware on LAN, while providing some level of access (mostly
> low-traffic VNC from LAN to industrial and SQL in the opposite
> direction).
>
> The problem is that we have very unstable power grid, resulting in
> unclean shutdowns of devices. I cannot UPS them all.
>
> How can I configure firewalls so they are resistant to those power
> failures (i.e. do not need fsck)? How should I partition? Which partitions
> should be mounted read-only? Which should be mounted as memory disks? Which
> size should I allocate for memory disks (RAM is a constraint here as I
> have only 256Mb)? Any other advice?
>
> Thank you in advance,
>

--
Kim Zeitler
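The remount-run-remount step described in the reply above, as an added example that is not part of the original message or the poster's actual setup. The names `with_root_rw`, `MOUNT_CMD` and `REMOUNT_FAILED` are hypothetical, and the agent invocation in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example: run one command while "/" is read-write, then always try to
# put "/" back to read-only, even when the command itself fails.
# MOUNT_CMD is a hypothetical override so the logic can be exercised without
# root; on the firewall it stays "mount".
MOUNT_CMD=${MOUNT_CMD:-mount}

# Exit status used when "/" could not be remounted (constructed value).
REMOUNT_FAILED=111

# with_root_rw CMD [ARGS...]
# Returns CMD's exit status, or $REMOUNT_FAILED if a remount did not succeed.
with_root_rw() {
    # -u updates the existing mount, -w switches it to read-write.
    if ! $MOUNT_CMD -uw /; then
        echo "with_root_rw: cannot remount / read-write" >&2
        return "$REMOUNT_FAILED"
    fi

    # Run the management command and remember its status; do not return yet,
    # otherwise a failed run would leave "/" writable across a power cut.
    "$@"
    cmd_rc=$?

    # -r switches back to read-only. This can fail, for example when a
    # process still holds a file on "/" open for writing, so check it.
    if ! $MOUNT_CMD -ur /; then
        echo "with_root_rw: WARNING, / is still read-write" >&2
        return "$REMOUNT_FAILED"
    fi

    return "$cmd_rc"
}

# Usage on a managed host (agent flags are an assumption):
#   with_root_rw puppetd --onetime --no-daemonize
# A power loss inside the read-write window can still leave "/" dirty, so
# keep the wrapped command short and alert on status 111.
```
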