>> Squid actually Proxy will do the trick.... > > Nope. Not if they are installed on those PCs. > > > Just block outgoing connections to all webservers but those that are > allowed. > > iptables -A OUTPUT -p tcp --dport 80 -d allowedip -j ACCEPT > iptables -A OUTPUT -p tcp --dport 80 -d centosmirror -j ACCEPT > iptables -A OUTPUT -p tcp --dport 80 -j DROP or REJECT > > Or to be more complete: > > iptables -P OUTPUT DROP or REJECT > iptables -A OUTPUT -d localnet -j ACCEPT > iptables -A OUTPUT -p tcp --dport 80 -d centosmirror -j ACCEPT > iptables -A OUTPUT -p tcp --dport 80 -d allowedip -j ACCEPT > and so on. I found out that there is a proxy in our network and I can use a private network address, I configured yum to use the proxy and everything is working fine for the moment. But maybe this solution will be not flexible enough in future - then I gonna check your suggestions and will try to get deeper in the iptables configuration. Can anybody tell me what ip or domain i would have to allow to get access to the centos mirrors with yum for getting updates properly. TIA! -Arne