On Wed, 21 Dec 2016 21:49:21 +0100 "M.A. Perry" <[email protected]> wrote:
> Dear People,
> A simple question for which I have so far found no
> answer in the Debian documentation. My computer
> is a domestic, Debian 8.6 AMD-64 box that uses
> apt-get and aptitude for upgrades and/or installations.
>
> We are currently writing a set of ip_tables rules for
> a default baseline -A OUTPUT DROP. Thus the rules
> will block outgoing traffic which is not specifically
> permitted.
>
> The URL specifications in /etc/apt/sources.list of
> my Debian box contain both HTTP and FTP in the URL
> for example: http://ftp.nl.debian.org/debian/ and this
> confuses me.
>
> QUESTION:
> Which data transfer protocol(s) are used for downloads
> from the Debian Repository to my desktop? Must my
> firewall ACCEPT
> -- plain HTTP (port 80) ; or
> -- is HTTPS (port 443) later involved; or
> -- active FTP (port 20) used or
> -- passive FTP (port 1024:65535) applicable ?
> Can anyone enlighten me please??

The URL you quote is an http one (the protocol before the ':' determines it, everything after the '//' is just a hostname). This makes life easiest, just allow 80 and 443. Some mirrors will, I believe, use https; there is a current thread on the subject.

For FTP, you need the ip_conntrack and ip_conntrack_ftp modules loaded (as FTP uses more than one port in a session) and something like this:

http://www.devops-blog.net/iptables/iptables-settings-for-outgoing-ftp

-- 
Joe
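The scheme rule from the reply, applied to a sources.list, as an added example that is not part of the original message: the script reads the scheme in front of `://`, ignores the hostname, and prints (without applying) the OUTPUT rules each scheme needs. The function names, the sample entries and `mirror.example.org` are constructed for illustration; `nf_conntrack_ftp` is the current module name for the FTP helper the reply calls `ip_conntrack_ftp`.

```shell
#!/bin/sh
# Added example: derive apt's outbound rules from sources.list entries.
# It only prints iptables commands; nothing is applied.

# Constructed sample sources.list (jessie = Debian 8).
sample_sources() {
    cat <<'EOF'
# deb ftp://disabled.example.org/debian/ jessie main
deb http://ftp.nl.debian.org/debian/ jessie main
deb-src [arch=amd64] https://mirror.example.org/debian/ jessie main
deb ftp://mirror.example.org/debian/ jessie contrib
EOF
}

# Print the distinct URI schemes of active deb/deb-src lines on stdin.
# Only the text before "://" is used; a host named "ftp." changes nothing.
apt_schemes() {
    sed -n -E 's#^[[:space:]]*deb(-src)?[[:space:]]+(\[[^]]*\][[:space:]]+)?([a-z0-9+.-]+)://.*#\3#p' |
        sort -u
}

# Map each scheme to the OUTPUT rules it needs under a default-drop policy.
apt_output_rules() {
    apt_schemes | while read -r scheme; do
        case "$scheme" in
            http)  port=80 ;;
            https) port=443 ;;
            ftp)   port=21 ;;   # control channel only
            *) echo "# $scheme: no rule derived"; continue ;;
        esac
        echo "iptables -A OUTPUT -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
        if [ "$scheme" = ftp ]; then
            # FTP data connections use other ports; the conntrack helper
            # marks them RELATED so no wide port range has to be opened.
            echo "modprobe nf_conntrack_ftp"
            echo "iptables -A OUTPUT -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
        fi
    done
}

sample_sources | apt_output_rules
```

For the single `http://ftp.nl.debian.org/debian/` entry quoted in the question, the output is one rule for TCP port 80 and nothing FTP-related.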

