Jon Lindgren wrote
> I finally have a spare sparc to use as a true firewall.  I'm planning to
> burn a CD for this sucker to boot from.  I don't want it to have local 
> mass storage (besides the cd...).
> 
> I've been looking around at regular processes which run and require
> temporary files, such as the daily security items, etc...  I figure I can
> knock syslog stuff to a remote machine, I'll be disabling mail and other
> audit scripts (hmmm....), but what about items such as /var/log/wtmp and
> such?
> 
> So the 1e6 dollar question is: does anyone have any ideas what other
> subsystems may be affected by having a r/o local filesystem when running
> multiuser?  I've been able to experiment for a few hours or so, but I've
> not run the thing for months yet...
> 
> Any ideas, tips, etc... are well appreciated.

Maybe not what you want...

Create the desired filesystem, place it onto a bootable CD and have it
union-mount with a filesystem on a harddisk just large enough to hold
writeable files such as logfiles etc.

Alternatively, if memory isn't much of a problem, create a CD with the
desired filesystem and have it boot into a memory-based filesystem.

Should the system be comprimised or falling over, its a matter of
seconds to reboot and have it up and running again.

I don't know about your reasons of not using a local harddisk, but
if it is for security reasons, there is nothing stopping anyone
breaking into the firewall on any type of system if the opportunity
exists due to a flaw in operating system or application.

cheerio Berndt
-- 
Name    : Berndt Josef Wulf            | +++ With BSD on Packet Radio +++
E-Mail  : wulf@ping.net.au             |    tfkiss, tnt, dpbox, wampes
ICQ     : 18196098                     |  VK5ABN, Nairne, South Australia 
URL     : http://www.ping.net.au/~wulf | MBOX : vk5abn@vk5abn.#lmr.#sa.au.oc
Sysinfo : DEC AXPpci33+, NetBSD-1.4.2  | BBS  : vk5abn.#lmr.#sa.aus.oc