Re: Which type of FTP transfer for apt and aptitude?
On Wed, 21 Dec 2016 21:49:21 +0100
"M.A. Perry" <maperry@zeelandnet.nl> wrote:
> Dear People,
> A simple question for which I have so far found no
> answer in the Debian documentation. My computer
> is a domestic, Debian 8.6 AMD-64 box that uses
> apt-get and aptitude for ugrades and/or installations.
>
> We are currently writing a set of ip_tables rules for
> a default baseline -A OUTPUT DROP. Thus the rules
> will block outgoing traffic which is not specifically
> permitted.
>
> The URL specifications in /etc/apt/sources.list of
> my Debian box contain both HTTP and FTP in the URL
> for example: http://ftp.nl.debian.org/debian/ and this
> confuses me.
>
> QUESTION:
> Which data transfer protocol(s) are used for downloads
> from the Debian Repository to my desktop? Must my
> firewall ACCEPT
> -- plain HTTP (port 80) ; or
> -- is HTTPS (port 443) later involved; or
> -- active FTP (port 20) used or
> -- passive FTP (port 1024:65535) applicable ?
> Can anyone enlighten me please??
The URL you quote is an http one (the protocol before the ':'
determines it, everything after the '//' is just a hostname).
This makes life easiest, just allow 80 and 443. Some mirrors will I
believe use https, there is a current thread on the subject.
For FTP, you need the ip_conntrack and ip_conntrack_ftp modules loaded
(as FTP uses more than one port in a session) and something like this:
http://www.devops-blog.net/iptables/iptables-settings-for-outgoing-ftp
--
Joe
Reply to: