RE: apt-get & firewall

To: j.e.nielsen@iname.com, debian-user@lists.debian.org
Subject: RE: apt-get & firewall
From: Frederico.S.Muñoz <Frederico.S.Munoz@seg-social.pt>
Date: Tue, 30 Oct 2001 17:56:05 -0000
Message-id: <[🔎] F9C6675FEE7CD51188DE00508BE23D9F8C9DF0@ssexch-00-iies.seg-social.pt>

> > > What ports must be opened in the firewall so that the machine
> > > behind it
> > > is able to use "apt-get" to realize an 'dist-upgrade'?.
> > >
> > > Davi
> >
> > AFAIK either the HTTP, the FTP, or both; it depends on what 
> you define in
> > your sources.line.
> >
> > If you only define http sites you would only need the http 
> port open, the
> > same with the ftp.
> 
> Yes, but you need only open the ports for outgoing requests, and your 
> firewall should be set with a packet filter that will accept 
> only packets 
> that are replies to requests from your computer.
> 

Ehehe, indeed, but nobody said anything about doing the apt securely... just
what ports it used ;)

Seriously, doing what you mentioned is the correct behavior, having a packet
firewall that alloes ESTABLISHED and connections from
the intranet to the Intenet; heck, you could even go mediaeval about it and
only allow http or ftp requests to those hosts present in the sources.line
:)


Cheers,

--
Frederico S. Muñoz
Cap Gemini Ernst & Young : fmunoz@capgemini.pt
IIES : frederico.s.munoz@seg-social.pt
Debian Project: fsmunoz@debian.org

**
Ever noticed something? Unix comes with compilers. Windows comes with
Solitaire.
**
  -Adep

Reply to:

Prev by Date: a very big problem
Next by Date: RE: Going down the Rabbit Hole (was: apt-get sources.list question)
Previous by thread: Re: a very big problem
Next by thread: changing to Debian from Mandrake
Index(es):
- Date
- Thread