On Wed, 30 Jul 2003, Mark C wrote:

> I'm running a firewall using iptables on each server, these are just
> standalone firewalls, they then have to go through my main firewall
> afterwards to go to their final destinations (just do not ask why ;)).
> 
> As each pc will have to use apt-get to get new packages and security
> updates, is there a way I can stipulate multiple ip's to one variable?

Why not save some bandwidth for yourself and the other web sites, and 
simplify your firewall problems by using apt-proxy on one of the local 
machines?  Then all you need to do is:

        1) set up the main firewall to let the apt-proxy machine 
                connect to the debian security sites
        2) set up the other firewalls to let connections go to 
                the proxy machine.

Btw, a note:  Hardcoding the ip address does not seem to be the way 
to go, if you want any maintainability.  If the ip address of 
randomhost.debupdatesite.org changes, it will break security updates, 
which is usually a bad thing.  :(  If you're extremely paranoid, set 
up a separate apt-proxy machine, only allow the proxy connections in, 
and only allow the apt method for updating out (only destination port 
80 for http, only destination port 21 and 20 for ftp, etc).

~ Jesse Meyer

-- 
         icq: 34583382 / msn: [EMAIL PROTECTED] / yim: tsunad

   "We are what we pretend to be, so we must be careful about what we 
    pretend to be." - Kurt Vonnegut Jr : Mother Night
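
The two steps in the reply above, sketched as iptables rules. This is an added example, not part of the original message; the address, the proxy port 9999 and the function names are assumptions, and every chain is assumed to default to DROP.

```shell
#!/bin/sh
# Added example: prints iptables rules for review; nothing is applied.
# Assumes each chain already has a default DROP policy.
# Constructed values (not from the original message):
PROXY_IP="192.0.2.10"   # apt-proxy machine (documentation address)
PROXY_PORT="9999"       # assumed apt-proxy listening port

# Accept only a dotted quad. A hostname in a rule is resolved once, when
# the rule is loaded, so it is a hardcoded address in disguise.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Step 1, main firewall: only the proxy may open HTTP connections outward,
# matched by destination port instead of by mirror address.
main_fw_rules() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    cat <<EOF
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s $1 --dport 80 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Step 2, each standalone server: apt traffic may leave only towards the proxy.
client_rules() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    cat <<EOF
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -d $1 --dport $2 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
EOF
}

main_fw_rules "$PROXY_IP"
client_rules "$PROXY_IP" "$PROXY_PORT"
```

The only address that appears in any rule is the local proxy's, so a mirror changing its address does not touch the firewalls.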
