From: Sean Cavanaugh
Date: Fri, 5 Sep 2008 11:51:57 -0400
Cc: freebsd-questions@freebsd.org
Subject: RE: portsnap in cron and firewall

> Date: Fri, 5 Sep 2008 17:43:44 +0200
> From: Albert.Shih@obspm.fr
> To: millenia2000@hotmail.com
> CC: freebsd-questions@freebsd.org
> Subject: Re: portsnap in cron and firewall
>
> On 05/09/2008 at 11:33:59-0400, Sean Cavanaugh wrote
> >
> > > Date: Fri, 5 Sep 2008 16:14:02 +0200
> > > From: Albert.Shih@obspm.fr
> > > To: freebsd-questions@freebsd.org
> > > Subject: portsnap in cron and firewall
> > >
> > > Hi all
> > >
> > > I've some servers for internal use. On those servers I have some pf
> > > (or ipfw) rule to deny any connection from inside to outside.
> > >
> > > A long time ago, when the ports tree was updated with cvs, I was
> > > using something like
> > >
> > > pf command to open inside --> outside connection
> > > cvsup
> > > portupgrade --fetch-only --all
> > > pf command to close inside --> outside connection
> > >
> > > But now with portsnap cron (that means a random sleep) I don't know
> > > when the system tries to connect outside.
> > >
> > > Do you have any idea how I can make my update using portsnap (I know
> > > I can use cvsup) in a crontab with my network config?
> >
> > "portsnap cron" just randomizes the time to download, unlike "portsnap
> > fetch" which says to do it right now. cron was added to help randomize
> > the time so everyone syncing at midnight UTC aren't all hitting at the
> > exact same time.
>
> Yes, I know. That's why I'm asking you how I can run portsnap through
> cron and open the firewall just before it makes the connection.
>
> Of course I can hack portsnap so that it doesn't check whether it was
> forked by cron or not. But it's not a good idea IMHO; what happens if
> everybody does that?

I think you misread what I was saying. Inside your cron job use "portsnap fetch" instead of "portsnap cron". That way it will fetch exactly when you run the cron job, without the randomized delay.

Most likely a shell script that would have the following:

1) open pf
2) portsnap fetch
3) portsnap update (<- you were missing this important step also)
4) portupgrade --fetch-only --all
5) close pf
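
The five steps listed above as a cron wrapper, with one addition: the firewall is closed from an EXIT trap, so a failed step cannot leave the outbound path open. This is an added example, not code from the thread; the pf anchor name `ports-update`, the pass rule and the `run` argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: pf.conf contains
#   anchor "ports-update"
# placed ahead of the rule that blocks inside -> outside traffic, and
# DEFAULT_RULE is a constructed rule to adapt to the local policy.
PFCTL=${PFCTL:-pfctl}
PORTSNAP=${PORTSNAP:-portsnap}
PORTUPGRADE=${PORTUPGRADE:-portupgrade}
ANCHOR=${ANCHOR:-ports-update}
DEFAULT_RULE='pass out quick proto { tcp, udp } to any port { 53, 80, 443 } keep state'
EGRESS_RULE=${EGRESS_RULE:-$DEFAULT_RULE}

# Step 1 and step 5: load the pass rule into the anchor, flush it again.
open_egress()  { printf '%s\n' "$EGRESS_RULE" | $PFCTL -a "$ANCHOR" -f -; }
close_egress() { $PFCTL -a "$ANCHOR" -F rules; }

# Steps 2-4 of the list above; && stops at the first failing step.
# portsnap(8) refuses "fetch" without a terminal on stdin, so check its
# manual page for how your release expects to be run from cron.
update_ports() {
    $PORTSNAP fetch &&
    $PORTSNAP update &&
    $PORTUPGRADE --fetch-only --all
}

# Run "$@" with the anchor loaded. The subshell's EXIT trap flushes the
# anchor on success, on failure and on HUP/INT/TERM, so a failed fetch
# never leaves the outbound hole open.
with_egress() {
    (
        trap close_egress EXIT
        trap 'exit 1' HUP INT TERM
        open_egress || exit 1
        "$@"
    )
}

# Cron entry point: "<this script> run".
if [ "${1:-}" = run ]; then
    with_egress update_ports || exit 1
fi
```

Flushing the anchor removes the rule but does not tear down states that are already established, which is harmless here because the update has finished by the time the trap runs.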