From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LLOq4-0000sk-Id for garchives@archives.gentoo.org; Fri, 09 Jan 2009 21:24:21 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 725E9E0294; Fri, 9 Jan 2009 21:24:19 +0000 (UTC) Received: from mail-ew0-f21.google.com (mail-ew0-f21.google.com [209.85.219.21]) by pigeon.gentoo.org (Postfix) with ESMTP id 14AB5E0294 for ; Fri, 9 Jan 2009 21:24:18 +0000 (UTC) Received: by ewy14 with SMTP id 14so11039627ewy.10 for ; Fri, 09 Jan 2009 13:24:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date :user-agent:references:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:message-id; bh=/oSFkCvIBv1bnCxlEjhCDUPn/s7/b+8oEhndq65UYC0=; b=sc9BHKYaE8//3wRD0PrdApzutP129zL/bQoQr2TdQzuSPKu9cw0IbRM2O3mXtFf2gU uTF29SS+72ioEDrNdfI2Ipoj9ouPgGL/M9UcL9g726/m3LCn0Cd1l8u2cYnegyDmDS3Y EJ2b/io7BWFbDtd4zKlWIwjSR+whXyrmZPz7g= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:references:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :message-id; b=YmxKPKh7jLVqFlurW3K1UHIECboYcAQS9MAMWY0/Uz2/HzWpg1BJ3E4cXAJS6FOvIC l4cyVU6sWEYT+KK5pjqjYQcsopd8pqEegXAQcw3z0KBJWOEQi8W4lMjJ1qyVffnO2exs V3QZzV5Oe6WY6oM36lnpIA9eaj98ASDE7eL6Y= Received: by 10.210.19.16 with SMTP id 16mr271270ebs.40.1231536258355; Fri, 09 Jan 2009 13:24:18 -0800 (PST) Received: from ?172.20.0.4? ([196.210.139.236]) by mx.google.com with ESMTPS id 28sm885704eye.40.2009.01.09.13.24.16 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 09 Jan 2009 13:24:17 -0800 (PST) From: Alan McKinnon To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Restricting Firefox website access Date: Fri, 9 Jan 2009 23:23:39 +0200 User-Agent: KMail/1.9.10 References: <49bf44f10901071344l3f081b8dmaa6353b41fb59f4@mail.gmail.com> <200901092105.21568.alan.mckinnon@gmail.com> <49bf44f10901091132mb738451r930792a24fe7a49a@mail.gmail.com> In-Reply-To: <49bf44f10901091132mb738451r930792a24fe7a49a@mail.gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200901092323.39850.alan.mckinnon@gmail.com> X-Archives-Salt: a89db521-771d-4140-bb0f-146316641efc X-Archives-Hash: 4cf643864d9cf3a689ad04811f8cbaef On Friday 09 January 2009 21:32:15 Grant wrote: > >> > You could use iptables to block all traffic headed to port 80 with > >> > exceptions for the domains you need. > >> > >> Would that cause problems with fetching packages for emerges? > > > > If you wget your packages using http, then yes. You could then: > > > > 1. Put all your mirror sites in the exception list. This can get tedious > > as some ebuilds list many mirrors for sources > > > > or > > > > 2. wget using ftp > > > > or > > > > 3. set up a proxy > > > > The easiest is #2 by far > > Does portage use wget over http by default? Can I change a setting to > make it use ftp? Just give GENTOO_MIRRORS a usable ftp:// url in make.conf There's nothing you can do about http URLs that might be in ebuilds. Those are hardcoded and emerge will tell wget to use those exact URLs -- alan dot mckinnon at gmail dot com