portsnap in cron and firewall
Hi all

I've some servers for internal use. On those servers I have some pf (or ipfw) rules to deny any connection from inside to outside.

A long time ago, when the ports tree was updated with cvs, I was using something like

    pf command to open inside -- outside connection
    cvsup
    portupgrade --fetch-only --all
    pf command to close inside -- outside connection

But now with portsnap cron (that means a random sleep) I don't know when the system tries to connect outside.

Do you have any idea how I can make my update using portsnap (I know I can use cvsup) in a crontab with my network config?

Regards.

--
Albert SHIH
SIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Local time: Fri 5 Sep 2008 16:07:27 CEST

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: portsnap in cron and firewall
> Date: Fri, 5 Sep 2008 16:14:02 +0200
> From: [EMAIL PROTECTED]
> To: freebsd-questions@freebsd.org
> Subject: portsnap in cron and firewall
>
> Hi all
>
> I've some servers for internal use. On those servers I have some pf (or ipfw) rules to deny any connection from inside to outside.
>
> A long time ago, when the ports tree was updated with cvs, I was using something like
>
>     pf command to open inside -- outside connection
>     cvsup
>     portupgrade --fetch-only --all
>     pf command to close inside -- outside connection
>
> But now with portsnap cron (that means a random sleep) I don't know when the system tries to connect outside.
>
> Do you have any idea how I can make my update using portsnap (I know I can use cvsup) in a crontab with my network config?

portsnap cron just randomizes the time to download, unlike portsnap fetch, which says to do it right now. cron was added to help randomize the time so everyone syncing at midnight UTC aren't all hitting at the exact same time.
Re: portsnap in cron and firewall
On 05/09/2008 at 11:33:59-0400, Sean Cavanaugh wrote:

> > Date: Fri, 5 Sep 2008 16:14:02 +0200
> > From: [EMAIL PROTECTED]
> > To: freebsd-questions@freebsd.org
> > Subject: portsnap in cron and firewall
> >
> > Hi all
> >
> > I've some servers for internal use. On those servers I have some pf (or ipfw) rules to deny any connection from inside to outside.
> >
> > A long time ago, when the ports tree was updated with cvs, I was using something like
> >
> >     pf command to open inside -- outside connection
> >     cvsup
> >     portupgrade --fetch-only --all
> >     pf command to close inside -- outside connection
> >
> > But now with portsnap cron (that means a random sleep) I don't know when the system tries to connect outside.
> >
> > Do you have any idea how I can make my update using portsnap (I know I can use cvsup) in a crontab with my network config?
>
> portsnap cron just randomizes the time to download, unlike portsnap fetch, which says to do it right now. cron was added to help randomize the time so everyone syncing at midnight UTC aren't all hitting at the exact same time.

Yes, I know. That's why I'm asking how I can run portsnap through cron and open the firewall just before it makes the connection.

Of course I can hack portsnap so that it doesn't check whether it was forked by cron or not. But that's not a good idea IMHO; what happens if everyone does that?

Regards.

--
Albert SHIH
SIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Local time: Fri 5 Sep 2008 17:41:30 CEST
RE: portsnap in cron and firewall
> Date: Fri, 5 Sep 2008 17:43:44 +0200
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> CC: freebsd-questions@freebsd.org
> Subject: Re: portsnap in cron and firewall
>
> On 05/09/2008 at 11:33:59-0400, Sean Cavanaugh wrote:
>
> > > Date: Fri, 5 Sep 2008 16:14:02 +0200
> > > From: [EMAIL PROTECTED]
> > > To: freebsd-questions@freebsd.org
> > > Subject: portsnap in cron and firewall
> > >
> > > Hi all
> > >
> > > I've some servers for internal use. On those servers I have some pf (or ipfw) rules to deny any connection from inside to outside.
> > >
> > > A long time ago, when the ports tree was updated with cvs, I was using something like
> > >
> > >     pf command to open inside -- outside connection
> > >     cvsup
> > >     portupgrade --fetch-only --all
> > >     pf command to close inside -- outside connection
> > >
> > > But now with portsnap cron (that means a random sleep) I don't know when the system tries to connect outside.
> > >
> > > Do you have any idea how I can make my update using portsnap (I know I can use cvsup) in a crontab with my network config?
> >
> > portsnap cron just randomizes the time to download, unlike portsnap fetch, which says to do it right now. cron was added to help randomize the time so everyone syncing at midnight UTC aren't all hitting at the exact same time.
>
> Yes, I know. That's why I'm asking how I can run portsnap through cron and open the firewall just before it makes the connection.
>
> Of course I can hack portsnap so that it doesn't check whether it was forked by cron or not. But that's not a good idea IMHO; what happens if everyone does that?

I think you misread what I was saying. Inside your cron job, use portsnap fetch instead of portsnap cron. That way it will fetch exactly when you run the cron job, without the randomized delay.

Most likely a shell script that would have the following:

    1) open pf
    2) portsnap fetch
    3) portsnap update (- you were missing this important step also)
    4) portupgrade --fetch-only --all
    5) close pf
Re: portsnap in cron and firewall
On 05/09/2008 at 11:51:57-0400, Sean Cavanaugh wrote:

> > Yes, I know. That's why I'm asking how I can run portsnap through cron and open the firewall just before it makes the connection.
> >
> > Of course I can hack portsnap so that it doesn't check whether it was forked by cron or not. But that's not a good idea IMHO; what happens if everyone does that?
>
> I think you misread what I was saying. Inside your cron job, use portsnap fetch instead of portsnap cron. That way it will fetch exactly when you run the cron job, without the randomized delay.
>
> Most likely a shell script that would have the following:
>
>     1) open pf
>     2) portsnap fetch
>     3) portsnap update (- you were missing this important step also)
>     4) portupgrade --fetch-only --all
>     5) close pf

Yes, I know ;-) and I understand what you're saying.

But what I'm saying is that if the developer of portsnap thinks it's useful to add a randomized delay, I'm going to follow that. Because if I do what you say, how can I know that after 1 or 2 years there won't be enough other users doing the same thing to overload the portsnap server?

Even if I put some «randomized» time in the crontab, it's random only when I write the crontab; that means every day portsnap is launched at the same moment.

The best solution is to have a «hook_script» in portsnap, run after the randomized delay is over and just before the fetch is launched.

So now

    portsnap cron = sleep random_time; portsnap fetch

what I have in mind is

    portsnap cron -h hook-script = sleep random_time; sh hook-script; portsnap fetch

Regards.

--
Albert SHIH
SIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Local time: Fri 5 Sep 2008 17:53:37 CEST
Re: portsnap in cron and firewall
On Fri, 5 Sep 2008 16:14:02 +0200 Albert Shih [EMAIL PROTECTED] wrote:

> Hi all
>
> I've some servers for internal use. On those servers I have some pf (or ipfw) rules to deny any connection from inside to outside.
>
> A long time ago, when the ports tree was updated with cvs, I was using something like
>
>     pf command to open inside -- outside connection
>     cvsup
>     portupgrade --fetch-only --all
>     pf command to close inside -- outside connection
>
> But now with portsnap cron (that means a random sleep) I don't know when the system tries to connect outside.
>
> Do you have any idea how I can make my update using portsnap (I know

You can do this

    sleep `jot -r 1 0 3599`
    open pf
    portsnap fetch
    close pf

However, I would suggest you simply create pf rules to allow the server to contact the portsnap servers.
Re: portsnap in cron and firewall
On Fri, 5 Sep 2008 16:49:26 +0100 RW [EMAIL PROTECTED] wrote:

> On Fri, 5 Sep 2008 16:14:02 +0200 Albert Shih [EMAIL PROTECTED] wrote:
>
> > But now with portsnap cron (that means a random sleep) I don't know when the system tries to connect outside.
>
> You can do this
>
>     sleep `jot -r 1 0 3599`
>     open pf
>     portsnap fetch
>     close pf

Actually, I just took a look at portsnap and I see that portsnap fetch has an explicit check for a terminal, so it won't work from crontab.

> However, I would suggest you simply create pf rules to allow the server to contact the portsnap servers.
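
The open / fetch / close sequence discussed in this thread, as an added example that no participant posted: the random delay runs before the firewall is touched, and a trap closes the window again even when the wrapped command fails or is interrupted. The anchor name, rules file path and function names are assumptions; because the thread reports that portsnap fetch checks for a terminal, the command to run inside the window is supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes pf.conf contains the line
#   anchor "portsnap_window"
# and that RULES_FILE holds the narrow pass-out rule(s) for the update servers.
ANCHOR="${ANCHOR:-portsnap_window}"                 # hypothetical anchor name
RULES_FILE="${RULES_FILE:-/etc/pf.portsnap.rules}"  # hypothetical path
MAX_JITTER="${MAX_JITTER:-3599}"                    # same range as the jot call in the thread

# Indirection so the firewall call can be replaced by a stub when testing.
pf() { pfctl "$@"; }

open_window()  { pf -a "$ANCHOR" -f "$RULES_FILE"; }  # load rules into the anchor
close_window() { pf -a "$ANCHOR" -F rules; }          # flush the anchor's rules

# Sleep a random 0..MAX_JITTER seconds while the firewall is still closed.
jitter() {
    [ "$MAX_JITTER" -gt 0 ] || return 0
    sleep "$(jot -r 1 0 "$MAX_JITTER")"
}

# Run "$@" with the window open. The subshell's EXIT trap closes the window
# on success, failure or signal; the command's exit status is returned.
with_window() {
    (
        trap 'close_window' EXIT
        trap 'exit 130' INT TERM HUP
        open_window || exit 70
        "$@"
    )
}

# Cron entry point: update-window.sh run <command> [args...]
if [ "${1:-}" = run ]; then
    shift
    jitter
    with_window "$@"
fi
```

Flushing the anchor removes the pass rule but leaves any state entries already created to expire on their own, which is harmless once the wrapped command has finished.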