On Wed, Nov 17, 2010 at 7:36 AM, David McGuffey <davidmcguffey at verizon.net> wrote:
>
> I'm doing some testing in a lab which is isolated from the rest of my
> network (DMZ). I'm doing both inbound and outbound filtering at the
> firewall (CentOS +iptables).
>
> What protocols, ports and destination IP addresses does yum use to
> identify updates, and then actually go get them for installation?
>
> Looking at yum.conf and wireshark data, yum appears to go to a central
> site, look up the closest mirrors, then query the mirrors for the latest
> updates.
>
> Using wireshark it appears that http and tcp are used, but the addresses
> are all over the place (many mirrors).
>
> Is there a way to restrict the outbound traffic to a small number of
> mirrors? In other words, can I force yum to only check certain sites?
>
> If that is not so easy, I should be able to restrict the outbound
> traffic to a small set of addresses (yes/no?).

You can comment out "mirrorlist" and uncomment "baseurl" and set it to your preferred mirror in the files in "/etc/yum.repos.d".
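
The edit described in the reply, as an added example that is not part of the original thread: it rewrites a repo file so yum uses a single `baseurl`, then lists the hosts the active `baseurl` lines name, which is the set an outbound firewall rule has to allow. The function names, the sample repo file (constructed, in the layout of a CentOS base repo file) and the mirror `mirror.example.com` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: pin yum to one mirror and list the hosts it will contact.

# Write a constructed sample in the layout of CentOS-Base.repo (not a real file).
write_sample_repo() {
    cat > "$1" <<'EOF'
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1

[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
EOF
}

# pin_repo_mirror FILE MIRROR: print FILE with mirrorlist commented out and
# baseurl uncommented, its scheme://host replaced by MIRROR (path is kept).
pin_repo_mirror() {
    awk -v mirror="$2" '
        /^[ \t]*mirrorlist[ \t]*=/ { print "#" $0; next }
        /^[ \t]*#[ \t]*baseurl[ \t]*=/ {
            url = $0; sub(/^[^=]*=[ \t]*/, "", url)
            if (match(url, "^[a-z]+://[^/]+")) url = substr(url, RLENGTH + 1)
            print "baseurl=" mirror url; next
        }
        { print }
    ' "$1"
}

# repo_hosts [FILE...]: unique hosts named by active baseurl lines, i.e. the
# destinations an outbound firewall rule has to allow.
repo_hosts() {
    awk '/^[ \t]*baseurl[ \t]*=/ {
        url = $0; sub(/^[^=]*=[ \t]*/, "", url)
        if (match(url, "^[a-z]+://[^/]+")) {
            host = substr(url, 1, RLENGTH); sub("^[a-z]+://", "", host); print host
        }
    }' "$@" | sort -u
}

# Demo on the constructed sample; mirror.example.com is a placeholder.
demo=$(mktemp)
write_sample_repo "$demo"
pin_repo_mirror "$demo" "http://mirror.example.com" | repo_hosts
rm -f "$demo"
```

Running `repo_hosts /etc/yum.repos.d/*.repo` after the edit shows whether any enabled repo file still points somewhere other than the chosen mirror.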