From: John Almberg
To: freebsd-questions@freebsd.org
Date: Fri, 10 Oct 2008 12:45:04 -0400
Subject: Firewall and FreeBSD ports

I just set up a new server with a very restricted PF configuration. One problem: I can no longer install software with ports (i.e., the /usr/ports collection.) I have to disable PF to do so. Obviously not a great solution.

Am I correct in guessing that ports uses FTP to grab source files from mirrors?

I'm trying to figure out the smallest number of ports (the TCP/IP kind) that I need to open in my firewall. I don't want to enable incoming FTP requests, but do want to allow outgoing FTP requests, I believe.

Am I on the right track, here?

Thanks: John