From: Grant
To: gentoo-user@lists.gentoo.org
Date: Sat, 10 Jan 2009 09:50:43 -0800
Subject: Re: [gentoo-user] Restricting Firefox website access
Message-ID: <49bf44f10901100950i7dbf2fcp93a6c06882fd1c1f@mail.gmail.com>

>>> 1. Put all your mirror sites in the exception list. This can get tedious as
>>> some ebuilds list many mirrors for sources
>>>
>>> or
>>>
>>> 2. wget using ftp
>>>
>>> or
>>>
>>> 3. set up a proxy
>>>
>>> The easiest is #2 by far
>>
>> Does portage use wget over http by default? Can I change a setting to
>> make it use ftp?
>>
>> - Grant
>>
>>
>
> I think you would do well to set up a squid proxy and block outbound
> traffic for the affected machines. We've had great success with squid
> in our environment. This gives you a tremendous amount of flexibility
> on your access control, and it means you don't have to be concerned
> about which transport methods are used when updating/installing.
> Added bonus is that the squid caches your Gentoo download objects.

Is that tough to set up? I would think an iptables solution would be
easier, but maybe that won't work out.

- Grant