# Portsnap fetch update not working



## JoeyKrizzal (Nov 12, 2010)

I opened up all ports in my ipfw firewall and I still can't run the [cmd=]portsnap fetch update[/cmd] command.  I get the following error message when I execute the command: 
	
	



```
Fetching snapshot tag from portsnap1.FreeBSD.org... failed.
```

Here is my ipfw config:


```
#!/bin/sh

ipfw="/sbin/ipfw -q -f"

${ipfw} flush


${ipfw} add 99999 allow all from any to any
```

Is there any other suggestion on what may be blocking this update command from running?


----------



## rusty (Nov 12, 2010)

Could always use a rule like;

```
# Allow out FBSD (make install & CVSUP) functions
# Basically give user root "GOD" privileges.
$cmd 00240 allow tcp from me to any out via $pif setup keep-state uid root
```

Sounds silly but have you tried switching server?
`# portsnap fetch update -s portsnap2.FreeBSD.org`


----------



## JoeyKrizzal (Nov 12, 2010)

Thanks for the assistance Rusty, but what is the value of the $pif variable?


----------



## wblock@ (Nov 12, 2010)

JoeyKrizzal said:
			
		

> I opened up all ports in my ipfw firewall and I still can't run the "*portsnap fetch update*" command.  I get the following error message when I execute the command: *Fetching snapshot tag from portsnap1.FreeBSD.org... failed.*



Your other thread about security settings might be involved.  A lot of people set security really high and then ordinary things suddenly fail.  *kern.securelevel*, for example.


----------



## rusty (Nov 12, 2010)

JoeyKrizzal said:
			
		

> Thanks for the assistance Rusty, but what is the value of the $pif variable?



Change it to the name of your NIC, have a look at
30.6.5.6 http://www.freebsd.org/doc/handbook/firewalls-ipfw.html


----------



## JoeyKrizzal (Nov 12, 2010)

True WBlock, it was set too high...  I commented out the #
	
	



```
kern_securelevel_enable="YES"
```
 and 
	
	



```
#kern_securelevel="3"
```
from my rc.conf file and rebooted the system.  Should I place the security level to 0 and reboot again?


----------



## wblock@ (Nov 12, 2010)

JoeyKrizzal said:
			
		

> True WBlock, it was set too high...  I commented out the #kern_securelevel_enable="YES" and #kern_securelevel="3"
> from my rc.conf file and rebooted the system.  Should I place the security level to 0 and reboot again?



Read the section in /etc/defaults/rc.conf about that.  I haven't used securelevel enough to make recommendations.  It'll depend on your situation.


----------

