Solved

Sizing swap space on an OpenBSD firewall

Posted on 2008-06-18
3
590 Views
Last Modified: 2013-12-09
I'm configuring an OpenBSD (version 4.3) as a dedicated firewall.  I have 1 gig in RAM and a 4 gig compact flash card.  I want to store 31 days worth of logs.  "Building Firewalls with OpenBSD and PF, 2nd ed" says that the swap space should be at least 2x the amount of RAM, which would mean 2 gigs for swap space.  Some other people say that it's being used as a dedicated firewall and it should never use the swap space, so we should allocate as little swap space as possible.

Which side is right (and why)?
0
Comment
Question by:sfjacobs
3 Comments
 
LVL 61

Accepted Solution

by:
gheist earned 500 total points
Comment Utility
You can build custom kernel without swap code at all. If you do not add "b" partition on your flash card it will happily work without swap and crash dump ability.

There are two recipes for swap:
If you have one disk it is twice the RAM
If they are many RAM-sized swap on each.
Flash card is unsuitable for swapping as it wears off after some 10000 rewrites.

PF writes logs in tcpdump format, and flash media is not the best for multiple rewrites.

Log sizes greatly depends on what you log. In very worst case assumption (full bandwidth traffic dump) that is more bandwidth than your CF can handle.
PF does not write syslog, so it will be a bit of challenge to get logs to external dedicated magnetic-disk system.

I'd suggest looking into pfflowd or adding an extra disk just for logs.

There is NetBSD with ipf that logs to syslog and can be exported.
Linux has better flash filesystems.
FreeBSD's m0n0wall reincarnation is worth looking at too..
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now