[CentOS] cr repo and firewalling

Tue Jan 15 22:33:47 UTC 2013
Nicolas Thierry-Mieg <Nicolas.Thierry-Mieg at imag.fr>


Nicolas Thierry-Mieg wrote:
> Markus Falb wrote:
>> On 15.1.2013 22:18, Nicolas Thierry-Mieg wrote:
>>> Markus Falb wrote:
>>
>>>> dns round robin is not very helpful for me doing firewall rules.
>>>> How would you solve this yum and firewall thing?
>>>
>>> pick a mirror that's close to you and trustworthy (i.e. stays up to date),
>>> and use that as your baseurl.
>>
>> you mean per ip
>>
>> mirror.centos.org has address 91.215.65.226
>> baseurl=http://91.215.65.226/centos/$releasever/cr/$basearch/
>>
>> avoiding dns. yes, it would be possible, but how reliable is it?
>
> no, I meant choose a good one from the list:
> http://www.centos.org/modules/tinycontent/index.php?id=31
>
> for example myself I could pick http://mirrors.ircam.fr/pub/CentOS/
>
> then put that name (not IP) in your baseurl:
> baseurl=http://mirrors.ircam.fr/pub/Centos/$releasever/cr/$basearch/
>
> and comment out mirrorlist= since you don't use it anymore.
>
> Similar to what you're saying but no need to avoid DNS, and the choice
> of mirror is important.
>
> It's reliable if the mirror you use is reliable. Not as much as
> mirrorlist, but some mirrors are quite solid. I've used this approach
> for some machines for many years without having to change my mirror.
> Just make sure you pick a good one.

I agree you will need to run a cron job to check that the IP of your
mirror hasn't changed and, if it did, update the firewall rule, although
that won't happen often.
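
The cron job described in the last paragraph could look like the sketch below; it is an added example, not part of the original message. It resolves the mirror name used as baseurl, compares the result with the addresses recorded on the previous run, and changes only the rules that differ. The chain name YUM_MIRROR, the state file path and the "apply" argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: chain YUM_MIRROR (already
# created and jumped to from OUTPUT), the state file path, and plain HTTP on tcp/80.
MIRROR="${MIRROR:-mirrors.ircam.fr}"
CHAIN="${CHAIN:-YUM_MIRROR}"
STATE="${STATE:-/var/lib/yum-mirror-fw/ips}"

# Print the unique IPv4 addresses the resolver currently returns for a host.
resolve_ips() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Given the old and new address lists (one per line), print the iptables
# commands that turn the old rule set into the new one.
plan_rules() {
    old="$1"; new="$2"
    # A failed or empty lookup must not delete the working rules.
    if [ -z "$new" ]; then
        echo "no addresses for $MIRROR, keeping current rules" >&2
        return 1
    fi
    for ip in $old; do      # addresses that left DNS: drop their rule
        printf '%s\n' "$new" | grep -qxF -- "$ip" ||
            echo "iptables -D $CHAIN -p tcp -d $ip --dport 80 -j ACCEPT"
    done
    for ip in $new; do      # addresses that appeared: allow them
        printf '%s\n' "$old" | grep -qxF -- "$ip" ||
            echo "iptables -A $CHAIN -p tcp -d $ip --dport 80 -j ACCEPT"
    done
    return 0
}

# Cron entry point: does nothing unless called with the argument "apply".
if [ "${1:-}" = "apply" ]; then
    old_ips=$(cat "$STATE" 2>/dev/null)
    new_ips=$(resolve_ips "$MIRROR")
    if cmds=$(plan_rules "$old_ips" "$new_ips"); then
        # Record the new list only after every rule change succeeded.
        printf '%s\n' "$cmds" | sh -e && printf '%s\n' "$new_ips" > "$STATE"
    fi
fi
```

Run it from root's crontab with the argument apply; without that argument the script only defines its functions and changes nothing.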