[ale] Diskless linux firewall?

Chris Woodfield rekoil at semihuman.com
Mon Jan 2 12:07:29 EST 2006


Hi all,

Something I've been considering doing with my home system is figuring  
out a way to run my iptables firewall box without a hard drive.  
Currently it's a typical linux system running a minimal config -  
iptables rules, dhcpd, sshd, and ksysguardd for remote health  
monitoring.

I've seen some documentation on booting off of a CF card and using  
initrd to create a ramdisk to mount at root, but IMO that won't give  
me the flexibility to modify files on demand - if I put the iptables  
ruleset file on the initrd image, I'd have to create a new image  
every time I want to change something to make sure the change  
survives a reboot. Then again, some would consider that a good thing  
from a security perspective...

The crux of my question is: what parts of the filesystem tend to get  
written to most often on a running system, or more to the point, get  
written to often enough to make putting them on a rw CF card dangerous?
My thinking is that if I can put /var, /tmp and whatever else on a  
ramdisk and leave the rest of the CF card mounted rw, I hopefully  
would not need to worry about blowing out the flash card's write  
cycle limits.

If anyone has experience working with this (I remember someone  
mentioning putting / on a flash disk in an earlier thread), I'd like  
to hear about it.

TIA,

-Chris
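One way to answer the "what actually gets written to" question empirically, as an added example rather than anything from the thread: a POSIX shell script that walks one filesystem, tallies files modified within the last N minutes by directory, and turns the busiest directories into candidate tmpfs lines for /etc/fstab. Everything here is assumed for illustration: the function names, the constructed sample tree (a handful of log, lease and temp files with fresh mtimes next to static files dated 2006-01-02), the 32m size and the nosuid/nodev/noexec mount options are the author's choices for the example, not settings from the post.

```shell
#!/bin/sh
# Added example (not from the ALE thread): find write hot-spots on a running
# system so they can be moved to a ramdisk before the root filesystem goes on
# a write-cycle-limited CF card.

# write_hotspots ROOT MINUTES DEPTH
#   Lists directories under ROOT (same filesystem only, -xdev) that contain
#   regular files modified within the last MINUTES, grouped to DEPTH path
#   components, most-written first. Output lines look like "     3 var/log".
write_hotspots() {
    root="$1"; mins="$2"; depth="$3"
    find "$root" -xdev -type f -mmin "-$mins" 2>/dev/null \
        | sed -e "s|^${root%/}/||" -e 's|/[^/]*$||' \
        | cut -d/ -f1-"$depth" \
        | sort | uniq -c | sort -rn
}

# suggest_tmpfs THRESHOLD
#   Reads write_hotspots output on stdin and emits an fstab line for every
#   directory with at least THRESHOLD recently written files. Mount options
#   are a conservative illustrative default (assumption), and the 32m size
#   must be revisited per directory (dhcpd leases vs. logs differ greatly).
suggest_tmpfs() {
    threshold="$1"
    while read -r count dir; do
        [ "$count" -ge "$threshold" ] || continue
        printf 'tmpfs\t/%s\ttmpfs\tdefaults,nosuid,nodev,noexec,size=32m\t0 0\n' "$dir"
    done
}

# make_sample_tree
#   Builds a constructed miniature root in a temp dir so the functions above
#   can be exercised offline; prints the directory path. Files under var/ and
#   tmp/ get the current mtime, the "static" files are backdated to 2006-01-02
#   using the POSIX -t form of touch.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/var/log" "$d/var/lib/dhcp" "$d/tmp" "$d/etc" "$d/usr/sbin"
    : > "$d/var/log/messages"
    : > "$d/var/log/auth.log"
    : > "$d/var/log/dhcpd.log"
    : > "$d/var/lib/dhcp/dhcpd.leases"
    : > "$d/tmp/sess.tmp"
    : > "$d/etc/iptables.rules"
    : > "$d/usr/sbin/dhcpd"
    touch -t 200601020000 "$d/etc/iptables.rules" "$d/usr/sbin/dhcpd"
    printf '%s\n' "$d"
}

# Demo: run `sh hotspots.sh --demo` to see the tally and the suggested fstab
# lines for the constructed tree. On a real box you would call
#   write_hotspots / 60 2 | suggest_tmpfs 5
# after the system has been up and doing its normal job for a while.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    echo "# files written in the last 60 minutes, by directory:"
    write_hotspots "$tree" 60 2
    echo "# candidate fstab entries:"
    write_hotspots "$tree" 60 2 | suggest_tmpfs 2
    rm -rf "$tree"
fi
```

The tally deliberately ignores atime, which on a read-only or noatime-mounted CF card is not a concern, and stays on one filesystem so a tmpfs already mounted on /tmp is not counted twice. Anything that shows up with a high count but must survive a reboot (dhcpd's lease file is the usual surprise) needs a sync-to-flash step at shutdown rather than a blind move to tmpfs.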


