Solved pkg protocol question

[QuesoGrande]

I am busily setting up a new firewall and, among other things, want to be sure to not cut myself off from pkg and port support. I have looked for an answer to this and can't find much at all about it, but I want to avoid frustration with failing experiments to get an answer ... what protocol(s) need be passed by the firewall to be sure not to break the above services? In particular I would like to exclude ftp in favor of sftp, but is that even necessary and/or sufficient? I am using the PF firewall support in FreeBSD 13.2, 13.3, and a little later 14.x.

Thanks for any insight you can supply to help avoid frustration ...

 

[mer]

I don't know offhand, but why not start a pcap and then do a couple of pkg commands?

 

[SirDice]

what protocol(s) need be passed by the firewall to be sure not to break the above services?

The HTTP(S) ports; 80 and 443. And you probably want to allow outgoing DNS requests.

In particular I would like to exclude ftp

Well, you're in luck. Support for pkg(8) over FTP got removed some time ago.

 

[QuesoGrande]

Thanks much for the reply SirDice. I thought I remembered the removal, but then I had second doubts about it. I am VERY glad this is the case and I shall follow up accordingly.