Good day. A while ago i tried to update my freebsd to a newer version and it failed, gave some error like
"Looking up update.FreeBSD.org mirrors... none found. Fetching public key from update.FreeBSD.org... failed.
No mirrors remaining, giving up".
Then I tried to install some programs from ports or packets, both failed just the same way. After some thought I turned off my firewall and all started working. But I don't understand what rules I should add so the system can upgrade and download anything from FreeBSD servers. Turning off firewall is a bad thing because of security. Here are my rules:
I replaced real IPs with * because they are public but that does not matter much.
I tried to google the problem but didn't find a clear answer about what ports and sockets FreeBSD uses to download what it needs so I can add a rule for that to my ipfw. I am sorry if my answer is stupid, I am still learning this OS, it is not easy for me.
"Looking up update.FreeBSD.org mirrors... none found. Fetching public key from update.FreeBSD.org... failed.
No mirrors remaining, giving up".
Then I tried to install some programs from ports or packets, both failed just the same way. After some thought I turned off my firewall and all started working. But I don't understand what rules I should add so the system can upgrade and download anything from FreeBSD servers. Turning off firewall is a bad thing because of security. Here are my rules:
I replaced real IPs with * because they are public but that does not matter much.
Code:
add 1000 allow icmp from any to any
add 1010 allow tcp from *.*.*.* to me 22 via igb0 keep-state
add 1020 allow tcp from *.*.*.* to me 22 via igb0 keep-state
add 1030 allow tcp from *.*.*.0/24 to me 22 via igb0 keep-state
add 1040 allow tcp from *.*.*.0/24 to me 22 via igb0 keep-state
add 1050 allow tcp from *.*.*.* to me 22 via igb0 keep-state
add 1060 allow tcp from any to me 22 via igb1 keep-state
add 1070 allow tcp from any to me 80 via igb0 keep-state
add 1080 allow tcp from any to me 443 via igb0 keep-state
add 1090 allow all from me to any
add 65000 deny ip from any to any
I tried to google the problem but didn't find a clear answer about what ports and sockets FreeBSD uses to download what it needs so I can add a rule for that to my ipfw. I am sorry if my answer is stupid, I am still learning this OS, it is not easy for me.