Date: Wed, 22 Nov 2000 17:50:26 -0500 (EST) From: Tim McMillen <timcm@umich.edu> To: Nathan Vidican <webmaster@wmptl.com> Cc: peter@sysadmin-inc.com, questions@FreeBSD.ORG Subject: Re: partitions and a new install Message-ID: <Pine.SOL.4.10.10011221745400.13773-100000@gorf.gpcc.itd.umich.edu> In-Reply-To: <3A1C0EB0.3A6922CD@wmptl.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 22 Nov 2000, Nathan Vidican wrote: > Peter Brezny wrote: > > For a production firewall machine, is it important to create separate > > partitions (slices) for different labels. > > For example, is it a good idea to put > > > > / > > /var > > /usr > > /home > > > > on separate partitions to help keep the possibility of file system > > corruption from taking out more than one of these areas at a time? Yes, I really think so. That way if one of them gets hosed you're still able to get somewhere. > Personally, on a firewall machine I try to put them all on one then where do you send your logs? > partition, < 100Megs total, and mount it read-only; if at all possible, > make the bios write-protect it as well. Makes for easy/quick backup, and > by write-protecting it assures better security. Yes good point. RO is good. The easy quick backup for multiple partitions could still be accomplished with a shell script. But how many backups do you need to take fro a firewall? It shouldn't change much, so once you get a few backups, you're fine. Didn't I see something about an append only filesystem for logs? Where even root cannot delete from it? Is that possible on FreeBSD? Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.4.10.10011221745400.13773-100000>