[CentOS] cr repo and firewalling

Tue Jan 15 22:33:47 UTC 2013
Nicolas Thierry-Mieg <Nicolas.Thierry-Mieg at imag.fr>

Nicolas Thierry-Mieg wrote:
> Markus Falb wrote:
>> On 15.1.2013 22:18, Nicolas Thierry-Mieg wrote:
>>> Markus Falb wrote:
>>>> dns round robin is not very helpful for me doing firewall rules.
>>>> How would you solve this yum and firewall thing?
>>> pick a mirror that's close to you and trustworthy (ie stays up to date),
>>> and use that as your baseurl.
>> you mean per ip
>> mirror.centos.org has address
>> baseurl=$releasever/cr/$basearch/
>> avoiding dns. yes, it would be possible, but how reliable it is?
> no, I meant choose a good one from the list:
> http://www.centos.org/modules/tinycontent/index.php?id=31
> for example myself I could pick http://mirrors.ircam.fr/pub/CentOS/
> then put that name (not IP) in your baseurl:
> baseurl=http://mirrors.ircam.fr/pub/Centos/$releasever/cr/$basearch/
> and comment out mirrorlist= since you don't use it anymore.
> Similar to what you're saying but no need to avoid DNS, and the choice
> of mirror is important.
> It's reliable if the mirror you use is reliable. Not as much as
> mirrorlist, but some mirrors are quite solid. I've used this approach
> for some machines for many years without having to change my mirror.
> Just make sure you pick a good one.

I agree you will need to run a cron job to check that the IP of your 
mirror hasn't changed, and if it did update the firewall rule, although 
that won't happen often.