On 11/17/10 7:25 AM, Tom H wrote:
> On Wed, Nov 17, 2010 at 7:36 AM, David McGuffey
> <davidmcguffey at verizon.net> wrote:
>>
>> I'm doing some testing in a lab which is isolated from the rest of my
>> network (DMZ). I'm doing both inbound and outbound filtering at the
>> firewall (CentOS +iptables).
>>
>> What protocols, ports and destination IP addresses does yum use to
>> identify updates, and then actually go get them for installation?
>>
>> Looking at yum.conf and wireshark data, yum appears to go to a central
>> site, look up the closest mirrors, then query the mirrors for the latest
>> updates.
>>
>> Using wireshark it appears that http and tcp are used, but the addresses
>> are all over the place (many mirrors).
>>
>> Is there a way to restrict the outbound traffic to a small number of
>> mirrors? In other words, can I force yum to only check certain sites?
>>
>> If that is not so easy, I should be able to restrict the outbound
>> traffic to a small set of addresses (yes/no?).
>
> You can comment out "mirrorlist" and uncomment "baseurl" and set it to
> your preferred mirror in the files in "/etc/yum.repos.d".

Also, if you have a squid or similar proxy that has unrestricted outbound
access you can set it in /etc/conf or simply export http_proxy= and
ftp_proxy= values before running yum.

--
Les Mikesell
lesmikesell at gmail.com
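
An added example, not part of the original thread: the baseurl change described above applied to a repo section, followed by the egress allowlist that the pinned file implies for the firewall. The mirror name mirror.example.internal, the function names, port 80 and the FORWARD chain are assumptions, and the repo section is a constructed sample.

```shell
#!/bin/sh
# Added example: pin yum to one mirror and derive the firewall allowlist.
# mirror.example.internal is a placeholder, not a real mirror.

# Constructed sample in the style of a stock CentOS-Base.repo section.
sample_repo() {
cat <<'EOF'
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
EOF
}

# Read a .repo file on stdin: comment out mirrorlist, enable baseurl under $1.
pin_repo() {
    case $1 in
        ''|*'|'*|*'&'*) echo "pin_repo: bad mirror URL" >&2; return 1 ;;
    esac
    sed -e 's|^mirrorlist=|#mirrorlist=|' \
        -e "s|^#[[:space:]]*baseurl=http://mirror\.centos\.org/centos/|baseurl=$1/|"
}

# Read a pinned .repo file on stdin: list the hosts yum will still contact.
repo_hosts() {
    sed -n 's|^baseurl=[a-z]*://\([^/:]*\).*|\1|p' | sort -u
}

# Print (not apply) one allow rule per host, then a reject for other HTTP.
# Assumptions: plain HTTP on port 80, rules on the firewall's FORWARD chain.
# iptables resolves a hostname once, when the rule is added.
egress_rules() {
    while read -r host; do
        echo "iptables -A FORWARD -p tcp -d $host --dport 80 -j ACCEPT"
    done
    echo "iptables -A FORWARD -p tcp --dport 80 -j REJECT"
}

sample_repo | pin_repo http://mirror.example.internal/centos
sample_repo | pin_repo http://mirror.example.internal/centos | repo_hosts | egress_rules
```

The rules are only printed, so they can be reviewed and adapted to the chain the firewall actually uses before anything is loaded.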