Sizing swap space on an OpenBSD firewall

I'm configuring an OpenBSD (version 4.3) as a dedicated firewall.  I have 1 gig in RAM and a 4 gig compact flash card.  I want to store 31 days worth of logs.  "Building Firewalls with OpenBSD and PF, 2nd ed" says that the swap space should be at least 2x the amount of RAM, which would mean 2 gigs for swap space.  Some other people say that it's being used as a dedicated firewall and it should never use the swap space, so we should allocate as little swap space as possible.

Which side is right (and why)?
Who is Participating?
gheistConnect With a Mentor Commented:
You can build custom kernel without swap code at all. If you do not add "b" partition on your flash card it will happily work without swap and crash dump ability.

There are two recipes for swap:
If you have one disk it is twice the RAM
If they are many RAM-sized swap on each.
Flash card is unsuitable for swapping as it wears off after some 10000 rewrites.

PF writes logs in tcpdump format, and flash media is not the best for multiple rewrites.

Log sizes greatly depends on what you log. In very worst case assumption (full bandwidth traffic dump) that is more bandwidth than your CF can handle.
PF does not write syslog, so it will be a bit of challenge to get logs to external dedicated magnetic-disk system.

I'd suggest looking into pfflowd or adding an extra disk just for logs.

There is NetBSD with ipf that logs to syslog and can be exported.
Linux has better flash filesystems.
FreeBSD's m0n0wall reincarnation is worth looking at too..
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.