portsnap in cron and firewall

2008-09-05 Thread Albert Shih
Hi all

I have some servers for internal use. On those servers I have some pf (or
ipfw) rules to deny any connection from inside to outside.

A long time ago, when the ports tree was updated with cvs, I was using
something like

pf command to open inside -- outside connection
cvsup
portupgrade --fetch-only --all
pf command to close inside -- outside connection

But now with portsnap cron (that means a random sleep) I don't know when
the system tries to connect outside.

Do you have any idea how I can make my update using portsnap (I know I can
use cvsup) in a crontab with my network config?

Regards.

-- 
Albert SHIH
SIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Local time:
Fri 5 Sep 2008 16:07:27 CEST
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


RE: portsnap in cron and firewall

2008-09-05 Thread Sean Cavanaugh


> Date: Fri, 5 Sep 2008 16:14:02 +0200
> From: [EMAIL PROTECTED]
> To: freebsd-questions@freebsd.org
> Subject: portsnap in cron and firewall
>
> Hi all
>
> I have some servers for internal use. On those servers I have some pf
> (or ipfw) rules to deny any connection from inside to outside.
>
> A long time ago, when the ports tree was updated with cvs, I was using
> something like
>
> pf command to open inside -- outside connection
> cvsup
> portupgrade --fetch-only --all
> pf command to close inside -- outside connection
>
> But now with portsnap cron (that means a random sleep) I don't know when
> the system tries to connect outside.
>
> Do you have any idea how I can make my update using portsnap (I know I
> can use cvsup) in a crontab with my network config?

portsnap cron just randomizes the time to download, unlike portsnap fetch,
which says to do it right now. cron was added to help randomize the time so
everyone syncing at midnight UTC aren't all hitting at the exact same time.


Re: portsnap in cron and firewall

2008-09-05 Thread Albert Shih
On 05/09/2008 at 11:33:59-0400, Sean Cavanaugh wrote:

> > Date: Fri, 5 Sep 2008 16:14:02 +0200
> > From: [EMAIL PROTECTED]
> > To: freebsd-questions@freebsd.org
> > Subject: portsnap in cron and firewall
> >
> > Hi all
> >
> > I have some servers for internal use. On those servers I have some pf
> > (or ipfw) rules to deny any connection from inside to outside.
> >
> > A long time ago, when the ports tree was updated with cvs, I was using
> > something like
> >
> > pf command to open inside -- outside connection
> > cvsup
> > portupgrade --fetch-only --all
> > pf command to close inside -- outside connection
> >
> > But now with portsnap cron (that means a random sleep) I don't know
> > when the system tries to connect outside.
> >
> > Do you have any idea how I can make my update using portsnap (I know I
> > can use cvsup) in a crontab with my network config?
>
> portsnap cron just randomizes the time to download, unlike portsnap
> fetch, which says to do it right now. cron was added to help randomize
> the time so everyone syncing at midnight UTC aren't all hitting at the
> exact same time.

Yes, I know. That's why I'm asking you how I can run portsnap through
cron and open the firewall just before it makes the connection.

Of course I can hack portsnap so that it doesn't check whether it was
forked by cron or not. But it's not a good idea IMHO; what happens if
everybody does that?

Regards.

-- 
Albert SHIH
SIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Local time:
Fri 5 Sep 2008 17:41:30 CEST


RE: portsnap in cron and firewall

2008-09-05 Thread Sean Cavanaugh


> Date: Fri, 5 Sep 2008 17:43:44 +0200
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> CC: freebsd-questions@freebsd.org
> Subject: Re: portsnap in cron and firewall
>
> On 05/09/2008 at 11:33:59-0400, Sean Cavanaugh wrote:
>
> > > Date: Fri, 5 Sep 2008 16:14:02 +0200
> > > From: [EMAIL PROTECTED]
> > > To: freebsd-questions@freebsd.org
> > > Subject: portsnap in cron and firewall
> > >
> > > Hi all
> > >
> > > I have some servers for internal use. On those servers I have some pf
> > > (or ipfw) rules to deny any connection from inside to outside.
> > >
> > > A long time ago, when the ports tree was updated with cvs, I was using
> > > something like
> > >
> > > pf command to open inside -- outside connection
> > > cvsup
> > > portupgrade --fetch-only --all
> > > pf command to close inside -- outside connection
> > >
> > > But now with portsnap cron (that means a random sleep) I don't know
> > > when the system tries to connect outside.
> > >
> > > Do you have any idea how I can make my update using portsnap (I know
> > > I can use cvsup) in a crontab with my network config?
> >
> > portsnap cron just randomizes the time to download, unlike portsnap
> > fetch, which says to do it right now. cron was added to help randomize
> > the time so everyone syncing at midnight UTC aren't all hitting at the
> > exact same time.
>
> Yes, I know. That's why I'm asking you how I can run portsnap through
> cron and open the firewall just before it makes the connection.
>
> Of course I can hack portsnap so that it doesn't check whether it was
> forked by cron or not. But it's not a good idea IMHO; what happens if
> everybody does that?

I think you misread what I was saying. Inside your cron job use portsnap
fetch instead of portsnap cron. That way it will fetch exactly when you run
the cron job, without the randomized delay.

Most likely a shell script that would have the following:
1) open pf
2) portsnap fetch
3) portsnap update (- you were missing this important step also)
4) portupgrade --fetch-only --all
5) close pf


Re: portsnap in cron and firewall

2008-09-05 Thread Albert Shih
On 05/09/2008 at 11:51:57-0400, Sean Cavanaugh wrote:

> > Yes, I know. That's why I'm asking you how I can run portsnap through
> > cron and open the firewall just before it makes the connection.
> >
> > Of course I can hack portsnap so that it doesn't check whether it was
> > forked by cron or not. But it's not a good idea IMHO; what happens if
> > everybody does that?
>
> I think you misread what I was saying. Inside your cron job use portsnap
> fetch instead of portsnap cron. That way it will fetch exactly when you run
> the cron job, without the randomized delay.
>
> Most likely a shell script that would have the following:
> 1) open pf
> 2) portsnap fetch
> 3) portsnap update (- you were missing this important step also)
> 4) portupgrade --fetch-only --all
> 5) close pf

Yes, I know ;-) and I understand what you are saying. But what I'm saying is
that if the developer of portsnap thinks it's useful to put in some
randomized delay, I'm going to follow this. Because if I do what you say, how
can I know that after 1 or 2 years there won't be enough other users doing
the same thing to overload the portsnap server? Even if I put some
«randomized» time in the crontab, it's only randomized when I write the
crontab; that means every day portsnap is launched at the same moment.

The best solution is to have some «hook_script» in portsnap, so that after
the randomized delay is over, just before the fetch is launched, it runs a
hook-script.

So now
portsnap cron = sleep random_time; portsnap fetch

what I think is

portsnap cron -h hook-script = sleep random_time; sh hook-script; portsnap fetch

regards.


-- 
Albert SHIH
SIO batiment 15
Observatoire de Paris Meudon
5 Place Jules Janssen
92195 Meudon Cedex
Local time:
Fri 5 Sep 2008 17:53:37 CEST


Re: portsnap in cron and firewall

2008-09-05 Thread RW
On Fri, 5 Sep 2008 16:14:02 +0200
Albert Shih [EMAIL PROTECTED] wrote:

> Hi all
>
> I have some servers for internal use. On those servers I have some pf
> (or ipfw) rules to deny any connection from inside to outside.
>
> A long time ago, when the ports tree was updated with cvs, I was using
> something like
>
> pf command to open inside -- outside connection
> cvsup
> portupgrade --fetch-only --all
> pf command to close inside -- outside connection
>
> But now with portsnap cron (that means a random sleep) I don't know
> when the system tries to connect outside.
>
> Do you have any idea how I can make my update using portsnap (I know

You can do this

sleep `jot -r  1 0 3599`
open pf
portsnap fetch
close pf


However, I would suggest you simply create pf rules to allow the
server to contact the portsnap servers.


Re: portsnap in cron and firewall

2008-09-05 Thread RW
On Fri, 5 Sep 2008 16:49:26 +0100
RW [EMAIL PROTECTED] wrote:

> On Fri, 5 Sep 2008 16:14:02 +0200
> Albert Shih [EMAIL PROTECTED] wrote:
>
> > But now with portsnap cron (that means a random sleep) I don't know
> > when the system tries to connect outside.
>
> You can do this
>
> sleep `jot -r  1 0 3599`
> open pf
> portsnap fetch
> close pf

Actually, I just took a look at portsnap and I see that portsnap fetch
has an explicit check for a terminal, so it won't work from crontab.

> However, I would suggest you simply create pf rules to allow the
> server to contact the portsnap servers.
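
The open / fetch / close sequences proposed in this thread leave the outbound hole open if a step fails or the job is killed before the close step runs. The wrapper below is an added example, not code from any poster or from portsnap, that sleeps before opening and always runs the close step. The `portsnap-egress` anchor, the rules file path and the `OPEN_CMD`, `CLOSE_CMD` and `MAX_DELAY` variables are assumptions.

```shell
#!/bin/sh
# Added example: run a command inside a bounded "egress open" window.
# Assumptions (not from the thread): pf.conf contains
#   anchor "portsnap-egress"
# and /etc/pf.portsnap-egress.conf holds the temporary pass-out rules.
: "${OPEN_CMD:=pfctl -a portsnap-egress -f /etc/pf.portsnap-egress.conf}"
: "${CLOSE_CMD:=pfctl -a portsnap-egress -F rules}"
: "${MAX_DELAY:=3599}"   # same bound as the `jot -r 1 0 3599` in the thread

# Sleep a random 0..MAX_DELAY seconds *before* opening, so the firewall
# is never open while the job is only waiting. awk is used instead of
# jot so the function also runs on systems without jot.
random_delay() {
    [ "$MAX_DELAY" -gt 0 ] || return 0
    sleep "$(awk -v m="$MAX_DELAY" \
        'BEGIN { srand(); print int(rand() * (m + 1)) }')"
}

# with_egress_open CMD [ARGS...]
# Opens the window, runs CMD, and always runs the close step again:
# when CMD fails, when the open step itself fails, and on HUP/INT/TERM.
# Runs in a subshell so the EXIT trap fires when the window ends.
# Returns CMD's exit status.
with_egress_open() (
    trap '$CLOSE_CMD' EXIT
    trap 'exit 130' HUP INT TERM
    $OPEN_CMD || exit 1
    "$@"
)

# When called with arguments (e.g. from crontab), run them in the window.
if [ "$#" -gt 0 ]; then
    random_delay
    with_egress_open "$@"
fi
```

The command to run inside the window is whatever the caller passes as arguments; as the last message in the thread notes, `portsnap fetch` checks for a terminal, so that choice is left to the caller.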