Post B0DXQdKMUca3DNeyW0 by DrRac27@fosstodon.org
 (DIR) Post #B0DXQbTVNehpT9vFUO by gumnos@mastodon.bsd.cafe
       2025-11-13T14:00:30Z
       
       0 likes, 0 repeats
       
       Is there a comprehensive list of IP addresses used by stock #FreeBSD updates (freebsd-update(8) and pkg(8) and/or any other default system-maintenance utilities I might be missing)? Looking at my /etc/freebsd-update.conf and /etc/pkg/FreeBSD.conf files, it looks like update.freebsd.org and pkg.freebsd.org. The aim is to configure pf(4) to limit jails' outbound connections to only those update servers. A first-pass approximation suggests just running host(1) against those two servers and using the resulting IPv4/IPv6 addresses, but I don't know how frequently they'd change (are they fronting any sort of CDN that might choose different IPs?) or if I'm missing any other critical names/IPs.
       
 (DIR) Post #B0DXQdKMUca3DNeyW0 by DrRac27@fosstodon.org
       2025-11-13T22:24:52Z
       
       0 likes, 0 repeats
       
       @gumnos I think a better solution would be to run a local mirror or (caching?) proxy e.g. in another Jail that has full network access.
       
 (DIR) Post #B0DXQeZdrIOh53ogyG by gumnos@mastodon.bsd.cafe
       2025-11-13T22:58:25Z
       
       0 likes, 0 repeats
       
       @DrRac27 yeah, eventually I'd like to set up a jail as a local mirror/proxy and have local jail updates hit that instead of multiplying traffic to FreeBSD.org servers, though even that would preferably have limited outbound ports.