>>> 1. Put all your mirror sites in the exception list. This can get tedious as >>> some ebuilds list many mirrors for sources >>> >>> or >>> >>> 2. wget using ftp >>> >>> or >>> >>> 3. set up a proxy >>> >>> The easiest is #2 by far >> >> Does portage use wget over http by default? Can I change a setting to >> make it use ftp? >> >> - Grant >> >> > > I think you would do well to setup a squid proxy and block outbound > traffic for the affected machines. We've had great success with squid > in our environment. This gives you a tremendous amount of flexibility > on your access control, and it means you don't have to be concerned > about which transport methods are used when updating/installing. > Added bonus is that the squid caches your Gentoo download objects.
Is that tough to set up? I would think an iptables solution would be easier, but maybe that won't work out. - Grant
