From: Albert Shih
To: Sean Cavanaugh
Cc: freebsd-questions@freebsd.org
Date: Fri, 5 Sep 2008 17:43:44 +0200
Subject: Re: portsnap in cron and firewall
Message-ID: <20080905154344.GL5474@pcjas.obspm.fr>
References: <20080905141402.GJ5474@pcjas.obspm.fr>
Reply-To: Albert.Shih@obspm.fr

On 05/09/2008 at 11:33:59-0400, Sean Cavanaugh wrote:
> > Date: Fri, 5 Sep 2008 16:14:02 +0200
> > From: Albert.Shih@obspm.fr
> > To: freebsd-questions@freebsd.org
> > Subject: portsnap in cron and firewall
> >
> > Hi all
> >
> > I've some servers for internal use. On those servers I have some pf (or
> > ipfw) rules to deny any connection from inside to outside.
> >
> > A long time ago, when the ports tree was updated with cvs, I was using
> > something like
> >
> > pf command to open inside --> outside connection
> > cvsup
> > portupgrade --fetch-only --all
> > pf command to close inside --> outside connection
> >
> > But now with portsnap cron (that means random sleep) I don't know when
> > the system tries to connect outside.
> >
> > Do you have any idea how I can make my update using portsnap (I know I can
> > use cvsup) in a crontab with my network config?
>
> "portsnap cron" just randomizes the time to download unlike "portsnap
> fetch" which says to do it right now. cron was added to help randomize
> the time so everyone syncing at midnight UTC aren't all hitting at the
> exact same time.

Yes, I know. That's why I'm asking you how I can run portsnap through cron and open the firewall just before it makes the connection.

Of course I can hack portsnap so that it doesn't check whether it's forked by cron or not. But that's not a good idea IMHO; what happens if everyone does that?

Regards.

--
Albert SHIH
SIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Local time: Fri 5 Sep 2008 17:41:30 CEST
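
The open / fetch / close sequence quoted above, applied to "portsnap cron" as an added example (not part of the original thread and not FreeBSD project code). It assumes the main pf ruleset references an anchor, here hypothetically named "portsnap", and that a rule file, hypothetically /etc/pf.portsnap, holds the narrow outbound pass rules; the outbound exception stays loaded for the whole of portsnap's random sleep, which is the trade-off of not modifying portsnap.

```shell
#!/bin/sh
# Added example: wrap "portsnap cron" so the outbound exception exists only
# while the job runs. ANCHOR and RULES are hypothetical names; the main
# pf.conf is assumed to contain a matching: anchor "portsnap"
PFCTL=${PFCTL:-/sbin/pfctl}
PORTSNAP=${PORTSNAP:-/usr/sbin/portsnap}
ANCHOR=${ANCHOR:-portsnap}
RULES=${RULES:-/etc/pf.portsnap}

# Load the pass rules into the anchor only; the main ruleset is untouched.
open_fw() {
    "$PFCTL" -a "$ANCHOR" -f "$RULES"
}

# Flush the anchor so the default deny applies to outbound traffic again.
close_fw() {
    "$PFCTL" -a "$ANCHOR" -F rules
}

run_update() {
    # If the exception cannot be loaded, do not start portsnap at all.
    open_fw || return 1
    # Close the hole even if the job is killed during the random sleep.
    trap 'close_fw; exit 1' INT TERM HUP
    "$PORTSNAP" cron
    status=$?
    close_fw
    trap - INT TERM HUP
    # Hand portsnap's exit status back to cron so failures are reported.
    return "$status"
}

# Crontab entry (assumed install path): 0 3 * * * /usr/local/sbin/portsnap-fw.sh run
case "${1:-}" in
    run) run_update; exit $? ;;
esac
```

The anchor's rule file is the place to restrict the exception to what the fetch needs rather than opening all inside-to-outside traffic.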