Alan McKinnon wrote:
> On Saturday 17 January 2009 20:12:06 Grant wrote:
>
>>> This requires only that the computer in question has a static IP or a
>>> permanent lease (so you always know what it is), and you know the IP of
>>> the web sites to be accessed (dig is a very good friend). Allow these,
>>> deny everything else to destination port 80.
>> That sounds good, but I won't be able to fetch all updates that
>> portage might want, right?
>
> There's always a wrinkle isn't there?
>
> I find in real terms that my machines get all their updates from gentoo.org or
> from the gentoo mirror on the ftp server at work. That works for me, if those
> two mirrors both fail, I have problems that a change of GENTOO_MIRRORS will
> not solve.
>
> Perhaps the same is true of your environment. Failing that, I think you need
> to haul out the big guns, along with the big administration burden, and run
> an http proxy
>
|
I set up my squid proxy probably 5 years ago, I moved the config over
when I switched to gentoo a couple of years ago, and it still works.

I would say I spend around 10 minutes a year performing admin tasks on
my (home) squid server.

I just wanted to let it be said that squid doesn't have to be a big burden.

Matt