[ale] Non-ramdisk based flash filesystem?

[Chris Woodfield]

The situation: my firewall for the past few years has been a truly  
ancient Mini-ITX PC with an even more ancient hard drive running a  
low-overhead Linux install (iptables, ssh, not much else). The hard  
drive in particular is sorely in need of an upgrade - it's about 8  
years old and I have no idea how much more time it's got.

What I'd like to do is eliminate moving parts from this box entirely,  
and replace the drive with CF or USB flash-based storage. Given the  
write-cycle limitations of flash, every solution that's come up in my  
Googling on this subject gives me a ramdisk-based solution where the  
flash contains a filesystem image which is loaded as a ramdisk, not a  
live filesystem. The issue here is that the image must be "rebuilt"  
every time I make a change, such as updating an iptables rule, or apt- 
get update, compile a new kernel, yadda yadda.

What I'd prefer is a system by which I can mount the core filesystems  
read-only (which I can remount rw when I need to update files, while  
the more dynamic filesystems (e.g. /tmp, /var) are ramdisks, with the  
understanding that persistence between reboots is not possible with  
those partitions.

The big question here is, what filesystems in a running Linux system  
can be mounted RO without causing issues? Of the filesystems that  
need to be RW, are there any that must be persistent between reboots?  
What other potential issues could I be looking at with this solution  
that could make an image-based solution more appealing in practice?

TIA,

-Chris