From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LLevc-0004UL-Na for garchives@archives.gentoo.org; Sat, 10 Jan 2009 14:35:09 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8CE37E01E0; Sat, 10 Jan 2009 14:35:07 +0000 (UTC) Received: from mail-ew0-f21.google.com (mail-ew0-f21.google.com [209.85.219.21]) by pigeon.gentoo.org (Postfix) with ESMTP id 4EFCBE01E0 for ; Sat, 10 Jan 2009 14:35:07 +0000 (UTC) Received: by ewy14 with SMTP id 14so11319805ewy.10 for ; Sat, 10 Jan 2009 06:35:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=wLGWEW87rcmKn+wrHqrbYTeukETYM6KCUXuGWBsJa+o=; b=UqSeDtkmbue136V+26tnQq5TnK97fDA1xsIpd0jtozL0oqX4QSMyxDAUhX4X/L/I9f 8YcFhRr1hCMJCKnmMLxyOxhHISytNP0SkOK3LsLYlSmjqIFoxFNO7Xwd56s9OjFdJD1y R2N9uSjcEtR9i8Pr1mgdWq8U9ff3wP/Cuz/1k= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=PaXeRuOUY8YEB9Sfm+aaYgr8TO83EEQRRFZogdF+ZNZoWoUeWPkoX59H8PRSMnQcCg ZBH9w9ji+tcpYodypVWvpGrjlBFMtF+WoQabVzFZom41SWMTfAU3Mm7oYwrKir4P/Q+t NgTAhzYsNSahx+3NZU1SX+ZhHCE3bg1taiPfY= Received: by 10.210.43.11 with SMTP id q11mr5913862ebq.63.1231598106823; Sat, 10 Jan 2009 06:35:06 -0800 (PST) Received: by 10.210.86.19 with HTTP; Sat, 10 Jan 2009 06:35:06 -0800 (PST) Message-ID: Date: Sat, 10 Jan 2009 14:35:06 +0000 From: "Matt Causey" To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Restricting Firefox website access In-Reply-To: <49bf44f10901091132mb738451r930792a24fe7a49a@mail.gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <49bf44f10901071344l3f081b8dmaa6353b41fb59f4@mail.gmail.com> <854dca5c0901081257u25c6dee0j7871901221592a95@mail.gmail.com> <49bf44f10901091040t6c1920c4kbd504920e256ac20@mail.gmail.com> <200901092105.21568.alan.mckinnon@gmail.com> <49bf44f10901091132mb738451r930792a24fe7a49a@mail.gmail.com> X-Archives-Salt: 462f20d2-ea66-4f00-93d1-0af7a71d2730 X-Archives-Hash: 56ae01bf21e8c0e23753caf6cc08097a >> >> 1. Put all your mirror sites in the exception list. This can get tedious as >> some ebuilds list many mirrors for sources >> >> or >> >> 2. wget using ftp >> >> or >> >> 3. set up a proxy >> >> The easiest is #2 by far > > Does portage use wget over http by default? Can I change a setting to > make it use ftp? > > - Grant > > I think you would do well to setup a squid proxy and block outbound traffic for the affected machines. We've had great success with squid in our environment. This gives you a tremendous amount of flexibility on your access control, and it means you don't have to be concerned about which transport methods are used when updating/installing. Added bonus is that the squid caches your Gentoo download objects. -- Matt