netfilter firewalling problems and solutions

Dagmar d'Surreal dagmar.wants at
Mon Feb 23 15:35:15 PST 2004

On Mon, 2004-02-23 at 16:35, Ian Molton wrote:
> On Mon, 23 Feb 2004 15:56:36 -0600
> Dagmar d'Surreal <dagmar.wants at> wrote:
> > Filesystem mounts are system wide.  See my other comment about clearing
> > out the dross in /var/log and /tmp from the result.
> Thought as much.
> Got a link to some more info? This method may *greatly* simplify my goal of having a server with a mostly-always-spun-down harddisc.

There's no one totally tested way to do it on Linux at the moment.  It's
rather irksome that this isn't a big trick on Solaris or BSD, but under
Linux about the only non-painful way to do it at the moment is using the
automounter, or just having the fs mounted on another machine that _can_
do union mounts (what I've done in the past a few times just to get an
analysis done).

Some guy named Al Viro is the one who's currently working on this, but
it's spun off into a fairly sizeable change to the way filesystems are
handled and he's gotten dragged into other things recently.  Union
mounts should be showing up again in the 2.6.x kernels or possibly
2.7.x series.

The point is that it's way easier to just pay attention to where the
files are supposed to be going at build time, and use a package manager
(or tarball) to relocate them to the production fs instead of all this
other fretting over some panacea to fix the problem of administrative
              AIM: evilDagmar  Jabber: evilDagmar at

