From owner-freebsd-questions Wed Nov 22 14:50:31 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from donkeykong.gpcc.itd.umich.edu (donkeykong.gpcc.itd.umich.edu [141.211.2.163])
	by hub.freebsd.org (Postfix) with ESMTP id 77B8F37B479
	for ; Wed, 22 Nov 2000 14:50:28 -0800 (PST)
Received: from gorf.gpcc.itd.umich.edu (smtp@gorf.gpcc.itd.umich.edu [141.211.2.147])
	by donkeykong.gpcc.itd.umich.edu (8.8.8/4.3-mailhub) with ESMTP id RAA21697;
	Wed, 22 Nov 2000 17:50:27 -0500 (EST)
Received: from localhost (timcm@localhost)
	by gorf.gpcc.itd.umich.edu (8.8.8/5.1-client) with ESMTP id RAA19814;
	Wed, 22 Nov 2000 17:50:26 -0500 (EST)
Date: Wed, 22 Nov 2000 17:50:26 -0500 (EST)
From: Tim McMillen
X-Sender: timcm@gorf.gpcc.itd.umich.edu
To: Nathan Vidican
Cc: peter@sysadmin-inc.com, questions@FreeBSD.ORG
Subject: Re: partitions and a new install
In-Reply-To: <3A1C0EB0.3A6922CD@wmptl.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 22 Nov 2000, Nathan Vidican wrote:

> Peter Brezny wrote:
> > For a production firewall machine, is it important to create separate
> > partitions (slices) for different labels.
> > For example, is it a good idea to put
> >
> > /
> > /var
> > /usr
> > /home
> >
> > on separate partitions to help keep the possibility of file system
> > corruption from taking out more than one of these areas at a time?

Yes, I really think so. That way if one of them gets hosed you're
still able to get somewhere.

> Personally, on a firewall machine I try to put them all on one

Then where do you send your logs?

> partition, < 100Megs total, and mount it read-only; if at all possible,
> make the BIOS write-protect it as well. Makes for easy/quick backup, and
> by write-protecting it assures better security.

Yes, good point. RO is good. The easy quick backup for multiple
partitions could still be accomplished with a shell script.
But how many backups do you need to take for a firewall? It shouldn't
change much, so once you get a few backups, you're fine.

Didn't I see something about an append-only filesystem for logs? Where
even root cannot delete from it? Is that possible on FreeBSD?

Tim
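
The layout question discussed in this thread (separate partitions, read-only mounts, and where logs go) can be checked against an fstab. The following is an added example, not part of the original messages: the sample fstab, its device names, and the function names `sample_fstab`, `audit_fstab` and `has_writable_var` are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample fstab for the layout discussed in the thread
# (device names are illustrative, not taken from the messages).
sample_fstab() {
cat <<'EOF'
# Device      Mountpoint  FStype  Options  Dump  Pass#
/dev/ad0s1b   none        swap    sw       0     0
/dev/ad0s1a   /           ufs     ro       1     1
/dev/ad0s1e   /usr        ufs     ro       2     2
/dev/ad0s1f   /var        ufs     rw       2     2
EOF
}

# audit_fstab: read fstab text on stdin; for each directory named in the
# thread print "<dir> <separate|on-root> <ro|rw|unknown>".
audit_fstab() {
    awk -v want="/ /var /usr /home" '
        /^[ \t]*#/ || NF < 4 { next }        # skip comments and short lines
        {
            mode = "rw"                       # rw unless "ro" is listed
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "ro") mode = "ro"
            seen[$2] = mode
        }
        END {
            n = split(want, dir, " ")
            for (i = 1; i <= n; i++) {
                if (dir[i] in seen) print dir[i], "separate", seen[dir[i]]
                else print dir[i], "on-root", (("/" in seen) ? seen["/"] : "unknown")
            }
        }'
}

# has_writable_var: succeed only if /var, where syslog writes, is writable.
has_writable_var() {
    audit_fstab | awk '$1 == "/var" && $3 == "rw" { ok = 1 } END { exit !ok }'
}

sample_fstab | audit_fstab
if sample_fstab | has_writable_var; then
    echo "logs: /var is writable"
else
    echo "logs: no writable /var, send logs elsewhere"
fi
```

Feeding a single read-only root entry to `has_writable_var` makes it fail, which is the "where do you send your logs?" case raised in the reply.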