[ale] Diskless linux firewall?

Pete Hardie pete.hardie at gmail.com
Mon Jan 2 13:46:56 EST 2006


On 1/2/06, Chris Woodfield <rekoil at semihuman.com> wrote:
> Hi all,
>
> Something I've been considering doing with my home system is figuring
> out a way to run my iptables firewall box without a hard drive.
> Currently it's a typical linux system running a minimal config -
> iptables rules, dhcpd, sshd, and ksysguardd for remote health
> monitoring.

I recall seeing a linux-based floppy-based firewall, and perhaps
another that relied on being in a -ready-to-power-off state that still
routed packets.  Both worked from the premise that you can't corrupt
that which you can't save to disk.

>
> I've seen some documentation on booting off of a CF card and using
> initrd to create a ramdisk to mount at root, but IMO that won't give
> me the flexibility to modify files on demand - if I put the iptables
> ruleset file on the initrd image, I'd have to create a new image
> every time I want to change something to make sure the change
> survives a reboot. Then again, some would consider that a good thing
> from a security perspective...
>
> The crux of my question is: what parts of the filesystem tend to get
> written to most often on a running system, or more to the point, get
> written to often enough to make putting them on a rw CF card dangerous?
> My thinking is that if I can put /var, /tmp and whatever else on a
> ramdisk and leave the rest of the CF card mounted rw, I hopefully
> would not need to worry about blowing out the flash card's write
> cycle limits.
>
> If anyone has experience working with this (I remember someone
> mentioning putting / on a flash disk in an earlier thread), I'd like
> to hear about it.
>
> TIA,
>
> -Chris
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>


--
Better Living Through Bitmaps
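The quoted question asks which parts of the tree actually get written on a running box, so that /var, /tmp and friends can go on a ramdisk and the rest of the CF card can stay read-only. As an added example that is not part of this thread or anyone's posted code, here is a small POSIX shell script that inventories recent writes per top-level directory on a live system, classifies the write-heavy directories, and emits fstab lines for a read-only root with tmpfs mounted over them. The device name /dev/hda1, the tmpfs sizes and the list of volatile directories are assumptions to adjust for the actual box.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# Helps decide what must live on a ramdisk before putting / on a flash card
# mounted read-only.

# Read absolute paths on stdin and print "count /topdir", most-written first.
# The awk splits on "/" so $2 is the first path component ("var" in /var/log/x).
summarize_paths() {
    awk -F/ '$2 != "" { c["/" $2]++ } END { for (d in c) print c[d], d }' | sort -rn
}

# Inventory files modified in the last N minutes (default 60) on the root
# filesystem only (-xdev keeps find out of /proc, /sys and other mounts).
# Run as root on the live firewall: recent_writes 120
recent_writes() {
    find / -xdev -type f -mmin "-${1:-60}" -print 2>/dev/null | summarize_paths
}

# Directories that receive routine writes and belong on tmpfs (assumed list).
# Returns 0 if the directory should be volatile, 1 if it can stay read-only.
volatile_dir() {
    case "$1" in
        /var|/tmp|/run) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit fstab lines: root on the flash device mounted ro,noatime (no atime
# updates, so reads never turn into writes), write-heavy paths on tmpfs.
# Argument: root device (assumed default /dev/hda1). Sizes are placeholders.
fstab_lines() {
    root_dev="${1:-/dev/hda1}"
    printf '%s / ext2 ro,noatime 0 1\n' "$root_dev"
    for d in /var/log /var/run /var/lock /var/tmp /tmp; do
        printf 'tmpfs %s tmpfs rw,nosuid,nodev,noexec,size=16m 0 0\n' "$d"
    done
}

# Constructed sample of paths a small firewall box might touch in an hour.
SAMPLE_PATHS='/var/log/messages
/var/log/syslog
/var/lib/dhcp/dhcpd.leases
/tmp/ksysguardd.sock
/etc/iptables.rules'

if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_PATHS" | summarize_paths
    fstab_lines /dev/hda1
fi
```

Run `recent_writes 120` for a while on the existing disk-based system before building the flash image; anything outside /var and /tmp that shows up (a ruleset saved by hand, dhcpd's leases file, sshd's host keys) needs a deliberate home. In particular, dhcpd keeps its lease database under /var, so a tmpfs /var means leases are forgotten at every reboot; either accept that for a home network or bind-mount that one file onto a small read-write partition that is written rarely.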