Re: Thoughts or links on optimally secure defaults for pf.conf and fstab, whilst aiming to minimise support issues.

2020-06-14 Thread Kevin Chadwick
On 2020-06-14 13:58, Kevin Chadwick wrote:
> set reassemble yes no-df
> match scrub (random-id max-mss 1389)
>
> Should I drop the no-df from set reassemble? Any other recommendations
> welcome?

To be clear. Previously, with scrub (no-df... the set reassemble line was missing/default.

Thoughts or links on optimally secure defaults for pf.conf and fstab, whilst aiming to minimise support issues.

2020-06-14 Thread Kevin Chadwick
We are basing the server part of our products on OpenBSD. We care more about reducing support issues than, say, performance. We will have batteries but I hope to deploy some kind of root partition redundancy, for upgrades. However, is sync or softdep a better default for the best chance of avoidin

Re: OpenBSD Readonly File System

2020-06-14 Thread Strahil Nikolov
In Linux, the kernel can force flushing the disk cache (which also can be disabled) via fsync() call. That feature is called 'write barrier'. As I'm not a developer, I never read that portion of the source of OpenBSD, so I got no idea if similar logic can be used in OpenBSD. Does 'soft