On Wed, Jan 19, 2022 at 02:20:08PM +0000, Andy Smith wrote: > If you have a secure network that must not be able to connect out to > arbitrary web sites, I think you probably should be running a local > proxy or Debian mirror outside of that network, then allowing your > secure network to use that and that alone.
I forgot to add: a good option might be apt-cacher-ng which is packaged in Debian. You can list the sites that are allowed e.g. deb.debian.org and then you'd set it as a proxy on the hosts in your secure network. They'd only be able to download stuff from http://deb.debian.org/… and you'd get caching in there as a bonus. It would not be possible to use it to contact any other site (by URL). You can probably do a similar thing with other more general web proxies like squid. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
