Partition alignment largely a moot point now

To summarise. It is very important for recent disk performance that partitions are aligned on a 1MB/2048 sector boundary. This stops data from sitting astride blocks and killing disk performance. It is especially important with first generation SSDs, as they have poor write performance anyway, and will save your SSD from an early demise (flash memory has limited write cycles).

Windows Vista and above will use the 2048 sector alignment as will Ubuntu, so it isn’t necessary to worry about this issue any more, unless you are installing Windows XP. MAC OS X is the big loser in all of this as it doesn’t care about alignment beyond 4k which may or may not work well depending on the specific block size of your HD/SSD.

Continue reading Partition alignment largely a moot point now

The importance of a minimal firewall.

I have long been an avid user of the well known interface to iptables – Shorewall. Of late though I have suspected it is slowing my network down. I once decided to see what actual iptables rules it was creating and ran “iptables -L”. There was a lot of output and I wasn’t sure was all of it necessary. It niggled away at the back of my brain for the last few months, and I decided yesterday it was time to do something about it.

I first looked at another “user-friendly” interface that would perhaps give me more control and proper ipv6 support, so I installed Firewall Builder. However it seemed quite complex and after spending some time trying to get to grips with the interface I decided it would be easier to type the rules in manually and anyway that would be the only way I was 100% sure everything in there was needed.

I familiarised myself with the Packet Filtering HOWTO and thought the easiest thing to do would be use “iptables-save” to copy the existing Shorewall rules into an iptables friendly format. The resultant file was 9k long and appeared to have a lot of user defined chains for no good reason. It also didn’t make good use of the multi-port option for tcp connections and therefore there were dozens of rules where there only needed to be one.

Continue reading The importance of a minimal firewall.