Date: Thu, 26 Aug 2004 15:38:00 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: "Kenneth A. Bond" <fhb_1969@yahoo.ca> Cc: freebsd-questions@freebsd.org Subject: Re: Alternatives to CVSUP for Security Updates and Errata Message-ID: <20040826203800.GH91848@dan.emsphone.com> In-Reply-To: <20040826191202.68070.qmail@web53403.mail.yahoo.com> References: <20040826191202.68070.qmail@web53403.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Aug 26), Kenneth A. Bond said: > I currently manage several FreeBSD 4.9 and 4.10 servers that serve as > high volume web servers to several of our employees worldwide. > > As you can imagine, in firm the size of ours, various teams are > reponsible for various aspects of our technology infrastructure. With > that said, I have requested to have our security team create a policy > that will allow traffic to and from my servers via port 5999 for > CVSup, so that I could synch my source. > > My request has been flatly refused, due to the fact that FreeBSD is > not a firm-standard operating system. The security team will not open > up the firewalls for this purpose. CVSup is not an option. You don't need to allow incoming connections to port 5999; cvsup by default will multiplex traffic over the one outgoing connection. You can also connect through a SOCKS proxy server (but not an HTTP proxy) if your company has one. If your firewall blocks all outgoing TCP connects, then you are probably stuck. -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040826203800.GH91848>