Alan McKinnon wrote:
> On Saturday 17 January 2009 20:12:06 Grant wrote:
>>> This requires only that the computer in question has a static IP or a
>>> permanent lease (so you always know what it is), and you know the IP of
>>> the web sites to be accessed (dig is a very good friend). Allow these,
>>> deny everything else to destination port 80.
>>
>> That sounds good, but I won't be able to fetch all updates that
>> portage might want, right?
>
> There's always a wrinkle, isn't there?
>
> I find in real terms that my machines get all their updates from gentoo.org or
> from the Gentoo mirror on the ftp server at work. That works for me; if those
> two mirrors both fail, I have problems that a change of GENTOO_MIRRORS will
> not solve.
>
> Perhaps the same is true of your environment. Failing that, I think you need
> to haul out the big guns, along with the big administration burden, and run
> an http proxy.

I set up my squid proxy probably 5 years ago. I moved the config over
when I switched to Gentoo a couple of years ago, and it still works.
I would say I spend around 10 minutes a year performing admin tasks on
my (home) squid server.
I just wanted to let it be said that squid doesn't have to be a big burden.
Matt
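
The allowlist approach quoted at the start of this thread (known client address, known destination IPs, everything else to destination port 80 denied), as an added example that is not part of any poster's message. It assumes iptables on a Linux gateway and the FORWARD chain, which the thread does not specify; the addresses are constructed documentation addresses and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for a port-80 egress allowlist.
# Assumptions: the filter runs on a Linux gateway and uses the FORWARD chain;
# every address used below is a constructed documentation address.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_rules CLIENT_IP DEST_IP...
# Prints one ACCEPT rule per allowed destination, then a single REJECT for all
# other port-80 traffic from the client. Order matters: iptables stops at the
# first matching rule, so the REJECT must come last.
emit_rules() {
    client=$1; shift
    is_ipv4 "$client" || { echo "bad client address: $client" >&2; return 1; }
    seen=" "
    for dest in "$@"; do
        # Refuse hostnames: the rules must pin the addresses that were resolved
        # and reviewed (for example with dig), not whatever DNS returns later.
        is_ipv4 "$dest" || { echo "bad destination: $dest" >&2; return 1; }
        case "$seen" in *" $dest "*) continue ;; esac   # skip duplicates
        seen="$seen$dest "
        echo "iptables -A FORWARD -s $client -d $dest -p tcp --dport 80 -j ACCEPT"
    done
    echo "iptables -A FORWARD -s $client -p tcp --dport 80 -j REJECT"
}

# Constructed sample: one client, two mirror addresses (one listed twice).
emit_rules 192.0.2.10 198.51.100.7 203.0.113.20 198.51.100.7
```

The mirror addresses have to be re-resolved and the rules regenerated whenever a mirror changes IP, which is the maintenance cost the thread weighs against running a proxy.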