Mailinglist Archive: opensuse-security (757 mails)

Re: FW: [suse-security] optimal kernel config for firewall gateway ?
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Wed, 16 Jan 2002 15:38:02 +0100 (MET)
  • Message-id: <Pine.LNX.4.43.0201141202510.21660-100000@xxxxxxxxxxxx>
>
> It's true that you can use a 486 for a firewall, but I prefer a P-II
> or AMD K6-2 as the minimum requirement for 1 Mbit. The problem is not the
> traffic, but the syslog. We have several customers who are connected
> with 2 Mbit. If someone portscans your system or tries a DoS attack,
> it increases your system load dramatically and the traffic stops :(

Nah...

The syslog.conf manpage states that if a logfile is preceded with a "-"
(like in

*.* -/var/log/allmessages

), then the syslogd will not call fsync() after a write() to this file.
By consequence, the load will remain small.

Generally, it's a good idea to fsync() all logfiles, especially if
something really urgent has been logged (like a failing disk). Typically,
such logs are from the kernel, which leads one to believe that all kernel logs
should be synced at once. Unfortunately, firewall messages are kernel logs
as well, and then you have to change the perspective. If your syslogd
takes too much time to sync the data to disk, the kernel messages
ringbuffer (/proc/kmsg) might overflow and some messages might get lost.

Roman.
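
Added example, not part of the original mail: a small auditor that lists which log files in a sysklogd-style syslog.conf receive kernel (firewall) messages with an fsync() after every write, and which carry the "-" prefix. The sample config is constructed, the function names are hypothetical, and selector parsing is simplified to facility lists, "*" and the "none" priority.

```python
# Added example: audit a sysklogd-style syslog.conf for file targets that
# receive kernel (firewall) messages and are fsync()ed after every write.
# Simplified selector handling: facility lists, "*", and the "none" priority.

SAMPLE_CONF = """\
# constructed sample, not from the original mail
kern.*                          /var/log/firewall
*.*;kern.none                   /var/log/messages
*.*                             -/var/log/allmessages
mail.*                          -/var/log/mail
kern.crit                       /dev/tty10
*.emerg                         *
"""

def selects_kernel(selector):
    """True if the selector field matches messages of facility 'kern'."""
    matched = False
    for part in selector.split(";"):      # parts apply left to right
        facilities, _, priority = part.partition(".")
        names = facilities.split(",")
        if "kern" in names or "*" in names:
            matched = priority != "none"  # "kern.none" excludes kernel logs
    return matched

def audit(conf_text):
    """Return (synced, unsynced) lists of log files fed by kernel messages."""
    synced, unsynced = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2 or not selects_kernel(fields[0]):
            continue
        action = fields[1].strip()
        if action.startswith("-/"):
            unsynced.append(action[1:])   # "-" prefix: no fsync() per write
        elif action.startswith("/") and not action.startswith("/dev/"):
            synced.append(action)         # assumption: /dev/* targets are out of scope
    return synced, unsynced

if __name__ == "__main__":
    synced, unsynced = audit(SAMPLE_CONF)
    for path in synced:
        print("fsync on every kernel message:", path)
    for path in unsynced:
        print("not synced per write:", path)
```
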

