On Oct 11, 2013, at 07:23 PM, Julian Taylor wrote: >It is better if one disables internet access of package builds completely. >With pbuilder and iptables this is very easy, just run this when booting: > >iptables -I OUTPUT ! -d 127.0.0.1 -m owner --gid-owner 1234 -j REJECT >--reject-with icmp-port-unreachable >ip6tables -I OUTPUT ! -d ::1 -m owner --gid-owner 1234 -j REJECT --reject-with >icmp6-port-unreachable > >(It works because pbuilder builds as user 1234, won't work for --login >sessions)
And if you don't use pbuilder? :) -Barry -- To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131011132625.7632847b@anarchist
