Squid actually Proxy will do the trick....
Nope. Not if they are installed on those PCs.
Just block outgoing connections to all webservers but those that are allowed.
iptables -A OUTPUT -p tcp --dport 80 -d allowedip -j ACCEPT iptables -A OUTPUT -p tcp --dport 80 -d centosmirror -j ACCEPT iptables -A OUTPUT -p tcp --dport 80 -j DROP or REJECT
Or to be more complete:
iptables -P OUTPUT DROP or REJECT iptables -A OUTPUT -d localnet -j ACCEPT iptables -A OUTPUT -p tcp --dport 80 -d centosmirror -j ACCEPT iptables -A OUTPUT -p tcp --dport 80 -d allowedip -j ACCEPT and so on.
I found out that there is a proxy in our network and I can use a private network address, I configured yum to use the proxy and everything is working fine for the moment. But maybe this solution will be not flexible enough in future - then I gonna check your suggestions and will try to get deeper in the iptables configuration. Can anybody tell me what ip or domain i would have to allow to get access to the centos mirrors with yum for getting updates properly. TIA!
-Arne