[CentOS] cr repo and firewalling

Tue Jan 15 22:03:11 UTC 2013
Markus Falb <markus.falb at fasel.at>

On 15.1.2013 22:18, Nicolas Thierry-Mieg wrote:
> Markus Falb wrote:

>> dns round robin is not very helpful for me doing firewall rules.
>> How would you solve this yum and firewall thing?
> 
> pick a mirror that's close to you and trustworthy (ie stays up to date), 
> and use that as your baseurl.

you mean per ip

mirror.centos.org has address 91.215.65.226
baseurl=http://91.215.65.226/centos/$releasever/cr/$basearch/

avoiding dns. yes, it would be possible, but how reliable it is?

I realise that the name based mirrorlist has the same problem with ip
adresses going stale eventually.

The problem is that firewall is acting on ip adresses but mirrorlist is
spitting out names. So what I did recently is periodically resolve the
ips and update the firewall rules with the new ip list hoping that not
all of them are stale until the next reload of firewall.

Hmm.
-- 
Kind Regards, Markus Falb

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 308 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130115/6670e8ed/attachment-0004.sig>