Just a thought, and by no means a serious requirement for my use case,however I think adding zram to IPFire could be very handy for extending the life of SSD’s and microSD cards. SSD’s wear out faster when you write more to them. IPFire mostly writes logs to the filesystem and it’s not a lot on small home firewalls like mine but I imagine in a corporate environment it can be quite a lot. Even still, my install of IPFire is always doing something and therefor logging something. So what if IPFire used zram to create a compressed RAM drive and wrote the logs there and once every hour (or even a user configurable duration?) a cron job would rsync the contents from the zram to the actual physical storage. Would it be worth the effort?
for SSD i would say no… microSD would benefit from that, but who is using this today?
In business/enterprise space only dated embedded devices, then no one, in my opinion.
In domestic space, most of SBCs like Raspberry Pi.
However, I don’t think that ram would be used as best for store log entries rather than process rules or IDS/IPS info.
This proposal is technically valid, but strongly goes against security practises.
If IPFire would not persistently store any log files, you would have no chance to do any investigation if there are any crashes. Especially if there are any crashes that might have been provoked by an attack - basically a DoS.
We will write logs pretty quickly to disk to have a proper paper trail. Some less-important data like the graphs is already buffered and only written every once in a while.
With today’s quality of flash drives you won’t be able to ruin one by just writing logs.
5 Likes