Partitioning FreeBSD for Firewall

Hi
Sorry if I posted this question in the wrong section. I have a very old desktop that has only a 40GB hard drive (IDE) and 256 MB of RAM. I want to dedicate that box to a firewall (Packet Filter). Now my question is, what size should I use for: /, swap, /tmp, /usr, /home, /var, and /var/log?

I monitor that box remotely, so I don't really need that much space for /home, or am I wrong?

Thanks
Mark
 
You could put everything on the same partition, assuming there are no other accounts on the system than root and your unprivileged user and you have done suitable hardening of the system using, for example, security(7) as a guide.
 
No real reason to do that differently than normal, 40G is plenty of room either for a shared single partition plus swap (bsdinstall(8) default) or split partitions (Disk Setup On FreeBSD).

Don't create a separate /home, it's pointless in this case. I would use GPT with separate partitions, and these sizes:
/: 2G
swap: 4G
/var: 2G
/tmp: 1G
/usr: the rest (31G)
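
The layout above as a command plan, added here as an example and not part of any poster's reply. It only prints the commands; the device name `ada0`, the 512k BIOS boot partition, the GPT labels and `newfs -U` (UFS with soft updates) are assumptions.

```sh
#!/bin/sh
# Added example: prints (does not run) the gpart/newfs commands for the
# GPT layout suggested in the thread. Assumed, not from the thread: the
# disk is ada0, BIOS boot through a 512k freebsd-boot partition, UFS with
# soft updates, and the GPT labels used below.
DISK=ada0
DISK_GB=40   # nominal size; real capacity is slightly lower

# label:type:size in GB, in on-disk order (sizes from the thread)
LAYOUT="root:freebsd-ufs:2
swap:freebsd-swap:4
var:freebsd-ufs:2
tmp:freebsd-ufs:1"

# Total of the fixed-size partitions, in GB.
fixed_gb() {
    total=0
    while IFS=: read -r _label _type size; do
        total=$((total + size))
    done <<EOF
$LAYOUT
EOF
    echo "$total"
}

# What is left for /usr, which takes the rest of the disk.
usr_gb() {
    echo $((DISK_GB - $(fixed_gb)))
}

# Emit the command plan, or fail if the fixed partitions do not fit.
plan() {
    if [ "$(usr_gb)" -le 0 ]; then
        echo "layout does not fit on a ${DISK_GB}G disk" >&2
        return 1
    fi
    echo "gpart create -s gpt $DISK"
    echo "gpart add -t freebsd-boot -l boot -s 512k $DISK"
    echo "gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 $DISK"
    while IFS=: read -r label type size; do
        echo "gpart add -t $type -l $label -s ${size}g $DISK"
        if [ "$type" = freebsd-ufs ]; then echo "newfs -U /dev/gpt/$label"; fi
    done <<EOF
$LAYOUT
EOF
    echo "gpart add -t freebsd-ufs -l usr $DISK"   # no -s: rest of disk
    echo "newfs -U /dev/gpt/usr"
}

plan
```

Keeping /var and /tmp on their own partitions means a runaway log or temp file fills only that partition and not /.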
 
40G is more than enough for just a firewall.

Partitioning depends on what exactly you want to do. I will follow what wblock says but with different sizes.

/: 1G should be enough, 2G is good
swap: 1G should be enough, 2G is good
/tmp: 512M should be enough, 1G is good
/usr: 5G should be enough, 10G is good
/var: 10G should be enough, 15G is good
or
/var: 2G and
/var/log: 10G
 
@wblock@
If I don't specify /home, under which partition FreeBSD creates it?

@kisscool-fr
I decided to create a log server and have the firewall send its logs to it. Do I still need to specify /var/log?

With the suggested setup, can I use a jail, or am I low on memory?


Thanks
Mark
 
markfisher said:
@wblock@
If I don't specify /home, under which partition FreeBSD creates it?

It will be on the /usr partition, under /usr/home. And /home is a link to it.

If the logs are not kept on that machine, no extra space is needed in /var, nor a separate partition for logs.

256M of RAM is tight by modern standards but likely more than enough for this. Try it. If there is not enough memory, don't use a jail.
 