(Tue, Feb 11, 2014 at 01:29:30PM +0100) Constantin :
You could establish a VPN/tunnel originating from the server you want to update. That way, from the machine's view, it is an outgoing connection and might not be restricted by the firewall. You can then use the existing tunnel to ssh back to the machine. Of course this would require an accessible server somewhere outside.
Sure, that's what I understood in the former message, and already thought of doing it. The problem that I have (maybe it wasn't clear in my message) is that then I give an "obvious" *permanent* entry point to a network that is willingly closed. If anything happens (even if I'm quite confident with the security of the machine, we never know), it's my responsibility, and I don't want that. -- Ismael