Date: Fri, 5 Sep 2008 11:51:57 -0400
From: Sean Cavanaugh <millenia2000@hotmail.com>
To: <albert.shih@obspm.fr>
Cc: freebsd-questions@freebsd.org
Subject: RE: portsnap in cron and firewall
Message-ID: <BAY126-W60FB210A0D01CD228948A1CA580@phx.gbl>
In-Reply-To: <20080905154344.GL5474@pcjas.obspm.fr>
References: <20080905141402.GJ5474@pcjas.obspm.fr> <BAY126-W4655DF1DD6692E49F7FD9ECA580@phx.gbl> <20080905154344.GL5474@pcjas.obspm.fr>

> Date: Fri, 5 Sep 2008 17:43:44 +0200
> From: Albert.Shih@obspm.fr
> To: millenia2000@hotmail.com
> CC: freebsd-questions@freebsd.org
> Subject: Re: portsnap in cron and firewall
>
> On 05/09/2008 at 11:33:59-0400, Sean Cavanaugh wrote:
> > > Date: Fri, 5 Sep 2008 16:14:02 +0200
> > > From: Albert.Shih@obspm.fr
> > > To: freebsd-questions@freebsd.org
> > > Subject: portsnap in cron and firewall
> > >
> > > Hi all
> > >
> > > I have some servers for internal use. On those servers I have some pf
> > > (or ipfw) rules to deny any connection from inside to outside.
> > >
> > > A long time ago, when the ports tree was updated with cvs, I was using
> > > something like
> > >
> > > pf command to open inside --> outside connection
> > > cvsup
> > > portupgrade --fetch-only --all
> > > pf command to close inside --> outside connection
> > >
> > > But now with portsnap cron (that means random sleep) I don't know when
> > > the system tries to connect outside.
> > >
> > > Do you have any idea how I can make my update using portsnap (I know I
> > > can use cvsup) in a crontab with my network config?
> >
> > "portsnap cron" just randomizes the time to download, unlike "portsnap
> > fetch" which says to do it right now. cron was added to help randomize
> > the time so everyone syncing at midnight UTC aren't all hitting at the
> > exact same time.
>
> Yes, I know. That's why I'm asking you how I can run portsnap through
> cron and open the firewall just before it is going to make the connection.
>
> Of course I can hack portsnap so that it doesn't try to see if it's forked
> by cron or not. But it's not a good idea IMHO, what happens if everyone
> does that?

I think you misread what I was saying. Inside your cron job use "portsnap fetch" instead of "portsnap cron". That way it will fetch exactly when you run the cron job, without the randomized delay.

Most likely a shell script that would have the following:

1) open pf
2) portsnap fetch
3) portsnap update (<- you were missing this important step also)
4) portupgrade --fetch-only --all
5) close pf
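
The five steps listed in the message above, written as a wrapper that closes the firewall again even when a step fails. This is an added example, not part of the original e-mail; the pf anchor name, the rules file path, the `--run` argument and the overridable command variables are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: keep the outbound window open only while the update steps run.
# Assumptions (not from the message): pf.conf contains `anchor "portsnap"`,
# and RULES is a hypothetical file holding the temporary pass-out rules.
: "${PFCTL:=pfctl}" "${PORTSNAP:=portsnap}" "${PORTUPGRADE:=portupgrade}"
: "${ANCHOR:=portsnap}" "${RULES:=/etc/pf.portsnap.conf}"

open_window()  { $PFCTL -a "$ANCHOR" -f "$RULES"; }   # step 1: open pf
close_window() { $PFCTL -a "$ANCHOR" -F rules; }      # step 5: close pf

update_ports() {
    rc=0
    if open_window; then
        # Steps 2-4 in the order given in the message, stopping at the
        # first failure and remembering its exit status.
        $PORTSNAP fetch &&
        $PORTSNAP update &&
        $PORTUPGRADE --fetch-only --all || rc=$?
    else
        rc=1
    fi
    # Always close, even when a step failed, so an error never leaves
    # the inside --> outside path open until the next run.
    close_window || rc=1
    return "$rc"
}

# Only act when called as: script --run
if [ "${1:-}" = "--run" ]; then
    # If the job is interrupted, close the window before exiting.
    trap 'close_window; exit 130' INT TERM HUP
    update_ports
fi
```

A non-zero exit status from the wrapper means a step failed or the anchor could not be flushed, so the cron job's exit status is worth monitoring.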
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BAY126-W60FB210A0D01CD228948A1CA580>