[CentOS] cr repo and firewalling
markus.falb at fasel.at
Tue Jan 15 22:03:11 UTC 2013
On 15.1.2013 22:18, Nicolas Thierry-Mieg wrote:
> Markus Falb wrote:
>> dns round robin is not very helpful for me doing firewall rules.
>> How would you solve this yum and firewall thing?
> pick a mirror that's close to you and trustworthy (ie stays up to date),
> and use that as your baseurl.
you mean per ip
mirror.centos.org has address 18.104.22.168
avoiding dns. yes, it would be possible, but how reliable it is?
I realise that the name based mirrorlist has the same problem with ip
adresses going stale eventually.
The problem is that firewall is acting on ip adresses but mirrorlist is
spitting out names. So what I did recently is periodically resolve the
ips and update the firewall rules with the new ip list hoping that not
all of them are stale until the next reload of firewall.
Kind Regards, Markus Falb
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 308 bytes
Desc: OpenPGP digital signature
More information about the CentOS