Date: Fri, 5 Sep 2008 16:49:26 +0100
From: RW
To: freebsd-questions@freebsd.org
Cc: Albert.Shih@obspm.fr
Subject: Re: portsnap in cron and firewall
Message-ID: <20080905164926.07dbb9f1@gumby.homeunix.com.>
In-Reply-To: <20080905141402.GJ5474@pcjas.obspm.fr>

On Fri, 5 Sep 2008 16:14:02 +0200
Albert Shih wrote:

> Hi all
>
> I've some servers for internal use. On those servers I have some pf
> (or ipfw) rules to deny any connection from inside to outside.
>
> A long time ago, when the ports tree was updated with cvs, I was using
> something like
>
>   pf command to open inside --> outside connection
>   cvsup
>   portupgrade --fetch-only --all
>   pf command to close inside --> outside connection
>
> But now with portsnap cron (that means a random sleep) I don't know
> when the system tries to connect outside.
>
> Do you have any idea how can I make my update using portsnap (I know

You can do this:

    sleep `jot -r 1 0 3599`
    portsnap fetch

However, I would suggest you simply create pf rules to allow the server
to contact the portsnap servers.
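
The open / update / close sequence from the quoted question, written as a wrapper that closes the firewall window on every exit path. This is an added example, not part of the original thread; the anchor name, the rule file path and the idea of passing the update command as arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions (hypothetical names):
#   - pf.conf contains:  anchor "portsnap_window"
#   - WINDOW_RULES holds the temporary "pass out" rules for the update
#     (for instance DNS plus HTTP to the update servers).
PFCTL="${PFCTL:-pfctl}"
ANCHOR="${ANCHOR:-portsnap_window}"
WINDOW_RULES="${WINDOW_RULES:-/usr/local/etc/pf.portsnap_window}"

# Load the temporary rules into the anchor; the main ruleset is untouched.
open_window()  { "$PFCTL" -a "$ANCHOR" -f "$WINDOW_RULES"; }
# Flush only the anchor's rules, which restores the deny-outbound policy.
close_window() { "$PFCTL" -a "$ANCHOR" -F rules; }

# Run "$@" with the window open and close it on every exit path.
# Returns the command's status, 1 if the window could not be opened,
# or 3 if it could not be closed (the case that needs attention).
with_window() {
    # A killed cron job must not leave the window open.
    trap 'close_window; exit 1' INT TERM HUP
    if ! open_window; then
        close_window || true
        trap - INT TERM HUP
        echo "pf window: could not load $WINDOW_RULES" >&2
        return 1
    fi
    cmd_rc=0
    "$@" || cmd_rc=$?
    if ! close_window; then
        trap - INT TERM HUP
        echo "pf window: anchor $ANCHOR NOT flushed, outbound still open" >&2
        return 3
    fi
    trap - INT TERM HUP
    return "$cmd_rc"
}

# Stand-alone use from cron: wrapper.sh <update command...>
# The random delay happens before the window opens, so the firewall is
# open only while the update command itself runs.
if [ "$#" -gt 0 ]; then
    sleep "$(jot -r 1 0 3599)"
    with_window "$@"
fi
```

Flushing the anchor removes its rules but not pf states that were already created, so a connection still in progress at that moment is not cut off.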