portsnap in cron and firewall

RW fbsd06 at mlists.homeunix.com
Fri Sep 5 16:00:58 UTC 2008

On Fri, 5 Sep 2008 16:14:02 +0200
Albert Shih <Albert.Shih at obspm.fr> wrote:

> Hi all
> I've some servers for internal use. On those servers I have some pf
> (or ipfw) rule to deny any connection from inside to outside. 
> Long time ago when ports tree is update with cvs, I'm using something
> like
> pf command to open inside --> outside connection
> cvsup 
> portupgrade --fetch-only --all
> pf command to close inside --> outside connection
> But now with portsnap cron (that's mean random sleep) I don't known
> when the system try to connect outside. 
> Do you have any idea how can I make my update using portsnap (I known

You can do this"

sleep `jot -r  1 0 3599`
<open pf>
portsnap fetch
<close pf>

However, I would suggest you simply create pf rules to allow the
server contact to the portsnap servers. 

More information about the freebsd-questions mailing list