[CentOS] cr repo and firewalling

Nicolas Thierry-Mieg Nicolas.Thierry-Mieg at imag.fr
Tue Jan 15 22:33:47 UTC 2013

Nicolas Thierry-Mieg wrote:
> Markus Falb wrote:
>> On 15.1.2013 22:18, Nicolas Thierry-Mieg wrote:
>>> Markus Falb wrote:
>>>> dns round robin is not very helpful for me doing firewall rules.
>>>> How would you solve this yum and firewall thing?
>>> pick a mirror that's close to you and trustworthy (ie stays up to date),
>>> and use that as your baseurl.
>> you mean per ip
>> mirror.centos.org has address
>> baseurl=$releasever/cr/$basearch/
>> avoiding dns. yes, it would be possible, but how reliable it is?
> no, I meant choose a good one from the list:
> http://www.centos.org/modules/tinycontent/index.php?id=31
> for example myself I could pick http://mirrors.ircam.fr/pub/CentOS/
> then put that name (not IP) in your baseurl:
> baseurl=http://mirrors.ircam.fr/pub/Centos/$releasever/cr/$basearch/
> and comment out mirrorlist= since you don't use it anymore.
> Similar to what you're saying but no need to avoid DNS, and the choice
> of mirror is important.
> It's reliable if the mirror you use is reliable. Not as much as
> mirrorlist, but some mirrors are quite solid. I've used this approach
> for some machines for many years without having to change my mirror.
> Just make sure you pick a good one.

I agree you will need to run a cron job to check that the IP of your 
mirror hasn't changed, and if it did update the firewall rule, although 
that won't happen often.

More information about the CentOS mailing list