On Saturday 17 January 2009 20:12:06 Grant wrote: > > This requires only that the computer in question has a static IP or a > > permanent lease (so you always know what it is), and you know the IP of > > the web sites to be accessed (dig is a very good friend). Allow these, > > deny everything else to destination port 80. > > That sounds good, but I won't be able to fetch all updates that > portage might want, right?
There's always a wrinkle isn't there? I find in real terms that my machines get all their updates from gentoo.org or from the gentoo mirror on the ftp server at work. That works for me, if those two mirrors both fail, I have problems that a change of GENTOO_MIRRORS will not solve. Perhaps the same is true of your environment. Failing that, I think you need to haul out the big guns, along with the big administration burden, and run an http proxy -- alan dot mckinnon at gmail dot com
