[CentOS] cr repo and firewalling

Tue Jan 15 22:28:45 UTC 2013
Nicolas Thierry-Mieg <Nicolas.Thierry-Mieg at imag.fr>

Markus Falb wrote:
> On 15.1.2013 22:18, Nicolas Thierry-Mieg wrote:
>> Markus Falb wrote:
>>> dns round robin is not very helpful for me doing firewall rules.
>>> How would you solve this yum and firewall thing?
>> pick a mirror that's close to you and trustworthy (ie stays up to date),
>> and use that as your baseurl.
> you mean per ip
> mirror.centos.org has address
> baseurl=$releasever/cr/$basearch/
> avoiding dns. yes, it would be possible, but how reliable it is?

no, I meant choose a good one from the list:

for example myself I could pick http://mirrors.ircam.fr/pub/CentOS/

then put that name (not IP) in your baseurl:

and comment out mirrorlist= since you don't use it anymore.

Similar to what you're saying but no need to avoid DNS, and the choice 
of mirror is important.

It's reliable if the mirror you use is reliable. Not as much as 
mirrorlist, but some mirrors are quite solid. I've used this approach 
for some machines for many years without having to change my mirror. 
Just make sure you pick a good one.