How to block updates?

[Dotty]

Running 11.2 U3
I know I can clear the checkmark for "auto update".
How can I actually disable the updates, even if another admin turned ON?
I cant be done, then maybe I can do it at the firewall but I dont know the DNS address or list of servers iX uses for hosting updates.

(I tried goin from U3 to U4.1 on my test env and many things broke, so Im worried about the one I use in production and accidentally updating).
Thanks

 

[diedrichg]

There is already a feature request out for turning off automatic updates but still get the alerts. I submitted a feature request for this a month or so ago and it was marked as duplicate. I don't know the FR number, you'd have to search for this feature.

 

[Chris Moore]

(I tried goin from U3 to U4.1 on my test env and many things broke, so Im worried about the one I use in production and accidentally updating).
Thanks

Just block FreeNAS from access to the internet. It doesn't need to be able to get to the web for anything other than updates. If it can't get to the internet, it can never even know that there is an update to load, much less load it. All the servers where I work are blocked from access to the internet.
We don't let any of them update anything at all unless we want them to. Not even Windows systems are allowed to just download and update on their own.

 

[Dotty]

Just block FreeNAS from access to the internet. It doesn't need to be able to get to the web for anything other than updates. If it can't get to the internet, it can never even know that there is an update to load, much less load it. All the servers where I work are blocked from access to the internet.
We don't let any of them update anything at all unless we want them to. Not even Windows systems are allowed to just download and update on their own.

I just realized, FreeNAS needs NTP servers on the Internet, it also needs access to some cloud services, for Cloud Sync, and it seems that it needs also access to the Internet in order to create jails (I tried to create one while FreeNAS was blocked and the 'release' dropdown wont populate, giving me "Error: Fetching remote release choices failed. None: Max retries exceeded with url: /security/unsupported.html (Caused by None)"
Will a 'host 'file modification be more adequate here? something like:
127.0.0.1 freenas.org .
etc
I realized FreeNAS has that ability on the GUI, under Networking Global Config, so I guess Ill do it there.

 

[Chris Moore]

With the systems that I am running offline, they are doing nothing but storage, no virtualization, or cloud sync. If you want to be able to configure jails, the system will still need access to freenas.org to pull the packages for jails. You just need to decide when the configuration is ready to be frozen. I have systems running for over a year with no internet connectivity by way of a fully air-gaped network. I manually set the date/time from the command line but you can easily setup a local time server. You could even allow the NTP protocol while blocking other protocols if you want time to be synced while everything else is blocked. Firewall configuration.