From owner-freebsd-questions@FreeBSD.ORG Thu Aug 26 20:38:01 2004
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CCC4D16A4CE
	for ; Thu, 26 Aug 2004 20:38:01 +0000 (GMT)
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 85C9F43D3F
	for ; Thu, 26 Aug 2004 20:38:01 +0000 (GMT)
	(envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost)
	by dan.emsphone.com (8.12.11/8.12.11) id i7QKc18B016097;
	Thu, 26 Aug 2004 15:38:01 -0500 (CDT)
	(envelope-from dan)
Date: Thu, 26 Aug 2004 15:38:00 -0500
From: Dan Nelson
To: "Kenneth A. Bond"
Message-ID: <20040826203800.GH91848@dan.emsphone.com>
References: <20040826191202.68070.qmail@web53403.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040826191202.68070.qmail@web53403.mail.yahoo.com>
X-OS: FreeBSD 5.3-BETA1
X-message-flag: Outlook Error
User-Agent: Mutt/1.5.6i
cc: freebsd-questions@freebsd.org
Subject: Re: Alternatives to CVSUP for Security Updates and Errata
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Thu, 26 Aug 2004 20:38:02 -0000

In the last episode (Aug 26), Kenneth A. Bond said:
> I currently manage several FreeBSD 4.9 and 4.10 servers that serve as
> high volume web servers to several of our employees worldwide.
>
> As you can imagine, in a firm the size of ours, various teams are
> responsible for various aspects of our technology infrastructure. With
> that said, I have requested to have our security team create a policy
> that will allow traffic to and from my servers via port 5999 for
> CVSup, so that I could synch my source.
>
> My request has been flatly refused, due to the fact that FreeBSD is
> not a firm-standard operating system. The security team will not open
> up the firewalls for this purpose. CVSup is not an option.

You don't need to allow incoming connections to port 5999; cvsup by
default will multiplex traffic over the one outgoing connection. You
can also connect through a SOCKS proxy server (but not an HTTP proxy)
if your company has one. If your firewall blocks all outgoing TCP
connects, then you are probably stuck.

-- 
Dan Nelson
dnelson@allantgroup.com