| 1 |
>>> 1. Put all your mirror sites in the exception list. This can get tedious as |
| 2 |
>>> some ebuilds list many mirrors for sources |
| 3 |
>>> |
| 4 |
>>> or |
| 5 |
>>> |
| 6 |
>>> 2. wget using ftp |
| 7 |
>>> |
| 8 |
>>> or |
| 9 |
>>> |
| 10 |
>>> 3. set up a proxy |
| 11 |
>>> |
| 12 |
>>> The easiest is #2 by far |
| 13 |
>> |
| 14 |
>> Does portage use wget over http by default? Can I change a setting to |
| 15 |
>> make it use ftp? |
| 16 |
>> |
| 17 |
>> - Grant |
| 18 |
>> |
| 19 |
>> |
| 20 |
> |
| 21 |
> I think you would do well to setup a squid proxy and block outbound |
| 22 |
> traffic for the affected machines. We've had great success with squid |
| 23 |
> in our environment. This gives you a tremendous amount of flexibility |
| 24 |
> on your access control, and it means you don't have to be concerned |
| 25 |
> about which transport methods are used when updating/installing. |
| 26 |
> Added bonus is that the squid caches your Gentoo download objects. |
| 27 |
|
| 28 |
Is that tough to set up? I would think an iptables solution would be |
| 29 |
easier, but maybe that won't work out. |
| 30 |
|
| 31 |
- Grant |
Archives