Re: [CentOS] cr repo and firewalling

Am 15.01.2013 21:58, schrieb Markus Falb:

I would like to install the packages from the continuous release repo and the yum config for this repo says

baseurl=http://mirror.centos.org/centos/$releasever/cr/$basearch/

well, I definitely do not want to allow worldwide outgoing http so I try to find the IPs

# host mirror.centos.org mirror.centos.org has address 93.113.36.66

but! wait...

# host mirror.centos.org mirror.centos.org has address 88.198.211.197

dns round robin is not very helpful for me doing firewall rules. How would you solve this yum and firewall thing?

You'll need an application level gateway (ALG) firewall. Simple packet filtering, even stateful, is not sufficient for this purpose.