portsnap in cron and firewall

Sean Cavanaugh millenia2000 at hotmail.com
Fri Sep 5 15:51:58 UTC 2008

> Date: Fri, 5 Sep 2008 17:43:44 +0200
> From: Albert.Shih at obspm.fr
> To: millenia2000 at hotmail.com
> CC: freebsd-questions at freebsd.org
> Subject: Re: portsnap in cron and firewall
>
> On 05/09/2008 at 11:33:59-0400, Sean Cavanaugh wrote
> >
> > > Date: Fri, 5 Sep 2008 16:14:02 +0200
> > > From: Albert.Shih at obspm.fr
> > > To: freebsd-questions at freebsd.org
> > > Subject: portsnap in cron and firewall
> > >
> > > Hi all
> > >
> > > I have some servers for internal use. On those servers I have some pf (or
> > > ipfw) rules to deny any connection from inside to outside.
> > >
> > > A long time ago, when the ports tree was updated with cvs, I was using
> > > something like
> > >
> > > pf command to open inside --> outside connection
> > > cvsup
> > > portupgrade --fetch-only --all
> > > pf command to close inside --> outside connection
> > >
> > > But now with portsnap cron (that means random sleep) I don't know when
> > > the system tries to connect outside.
> > >
> > > Do you have any idea how I can make my update using portsnap (I know I
> > > can use cvsup) in a crontab with my network config?
> >
> > "portsnap cron" just randomizes the time to download, unlike "portsnap
> > fetch" which says to do it right now. cron was added to help randomize
> > the time so everyone syncing at midnight UTC aren't all hitting at the
> > exact same time.
>
> Yes, I know. That's why I'm asking you how I can run portsnap through
> cron and open the firewall just before it is going to make the connection.
>
> Of course I can hack portsnap so that it doesn't try to see whether it was
> forked by cron or not. But it's not a good idea IMHO; what happens if
> everybody does that?

I think you misread what I was saying. Inside your cron job use "portsnap fetch" instead of "portsnap cron". That way it will fetch exactly when you run the cron job, without the randomized delay.

Most likely a shell script that would have the following:

1) open pf
2) portsnap fetch
3) portsnap update (<- you were missing this important step also)
4) portupgrade --fetch-only --all
5) close pf
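
The five steps above as one /bin/sh script, added here as an illustration and not part of the original message: it closes the egress window again even when a step fails or the job is killed. The anchor name `ports_update`, the rule file path and the `RUN` dry-run hook are assumptions, and the main ruleset is assumed to reference the anchor.

```sh
#!/bin/sh
# Added example: open a temporary pf egress window around a ports update.
# Assumptions (not from the post):
#   - /etc/pf.conf contains the line:  anchor "ports_update"
#   - $RULES holds the pass-out rules for the update, for instance
#     (constructed):  pass out quick proto tcp to any port { 80, 443 }
ANCHOR="${ANCHOR:-ports_update}"
RULES="${RULES:-/etc/pf.ports_update.conf}"
RUN="${RUN:-}"   # hypothetical hook: RUN=echo prints the commands only

# Step 1: load the pass-out rules into the otherwise empty anchor.
open_pf()  { $RUN pfctl -a "$ANCHOR" -f "$RULES"; }

# Step 5: flush the anchor so the default deny-outbound policy applies again.
close_pf() { $RUN pfctl -a "$ANCHOR" -F rules; }

update_ports() {
    # If cron or an operator kills the job, still close the window.
    trap 'close_pf; exit 1' INT TERM

    open_pf || { close_pf; trap - INT TERM; return 1; }

    rc=0
    # Steps 2-4: stop at the first failure, but remember its exit code.
    $RUN portsnap fetch &&
    $RUN portsnap update &&
    $RUN portupgrade --fetch-only --all || rc=$?

    # Step 5 runs on success and on failure alike.
    close_pf || rc=$?

    trap - INT TERM
    return "$rc"
}

# Only act when called as "script run", so sourcing the file is harmless.
if [ "${1:-}" = "run" ]; then
    update_ports
fi
```

Some portsnap versions refuse `fetch` when standard input is not a terminal; in that case step 2 fails, the script returns non-zero, and the anchor is still flushed.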
