
Sizing swap space on an OpenBSD firewall

I'm configuring an OpenBSD (version 4.3) box as a dedicated firewall. I have 1 gig of RAM and a 4 gig compact flash card. I want to store 31 days' worth of logs. "Building Firewalls with OpenBSD and PF, 2nd ed" says that the swap space should be at least 2x the amount of RAM, which would mean 2 gigs of swap space. Some other people say that since it's being used as a dedicated firewall it should never use the swap space, so we should allocate as little swap space as possible.

Which side is right (and why)?
Asked by sfjacobs
gheist commented:
You can build a custom kernel without swap code at all. If you do not add a "b" partition on your flash card, it will happily work without swap and without crash dump ability.

There are two recipes for swap:
- If you have one disk, it is twice the RAM.
- If there are many disks, a RAM-sized swap on each.

A flash card is unsuitable for swapping, as it wears out after some 10000 rewrites.

PF writes logs in tcpdump format, and flash media is not the best for multiple rewrites.

Log sizes depend greatly on what you log. In the very worst case (a full-bandwidth traffic dump), that is more bandwidth than your CF can handle.
PF does not write to syslog, so it will be a bit of a challenge to get the logs to an external dedicated magnetic-disk system.

I'd suggest looking into pfflowd or adding an extra disk just for logs.

There is NetBSD with ipf, which logs to syslog and can be exported.
Linux has better flash filesystems.
FreeBSD's m0n0wall reincarnation is worth looking at too.