We are basing the server part of our products on OpenBSD. We care more about reducing support issues than say performance.
We will have batteries but I hope to deploy some kind of root partition redundancy, for upgrades. However, Is sync or softdep a better default for the best chance of avoiding manual fsck/support issues? Turns out the issue that I had on pkg_add/ftp, that seemed to be eliminated by switching to 3g was somehow, a short lived reprieve and was more to do with re-assembly settings that had worked for me flawlessly, for years on a landline. I believe scrub had no-df before and I am now using without issue, so far. set reassemble yes no-df match scrub (random-id max-mss 1389) Should I drop the no-df from set reassemble? Any other recommendations welcome? Any thoughts or links on the most secure pf.conf that remains being compatible with any network? Thank You