| 1 |
Alan McKinnon wrote: |
| 2 |
> On Saturday 17 January 2009 20:12:06 Grant wrote: |
| 3 |
> |
| 4 |
>>> This requires only that the computer in question has a static IP or a |
| 5 |
>>> permanent lease (so you always know what it is), and you know the IP of |
| 6 |
>>> the web sites to be accessed (dig is a very good friend). Allow these, |
| 7 |
>>> deny everything else to destination port 80. |
| 8 |
>> That sounds good, but I won't be able to fetch all updates that |
| 9 |
>> portage might want, right? |
| 10 |
> |
| 11 |
> There's always a wrinkle isn't there? |
| 12 |
> |
| 13 |
> I find in real terms that my machines get all their updates from gentoo.org or |
| 14 |
> from the gentoo mirror on the ftp server at work. That works for me, if those |
| 15 |
> two mirrors both fail, I have problems that a change of GENTOO_MIRRORS will |
| 16 |
> not solve. |
| 17 |
> |
| 18 |
> Perhaps the same is true of your environment. Failing that, I think you need |
| 19 |
> to haul out the big guns, along with the big administration burden, and run |
| 20 |
> an http proxy |
| 21 |
> |
| 22 |
|
| 23 |
I setup my squid proxy probably 5 years ago, I moved the config over |
| 24 |
when I switched to gentoo a couple of years ago, and it still works. |
| 25 |
|
| 26 |
I would say I spend around 10 minutes a year performing admin tasks on |
| 27 |
my (home) squid server. |
| 28 |
|
| 29 |
I just wanted to let it be said that squid doesn't have to be a big burden. |
| 30 |
|
| 31 |
Matt |
Archives