[CentOS] cr repo and firewalling

Fri Jan 18 09:23:09 UTC 2013
Tilman Schmidt <t.schmidt at phoenixsoftware.de>

Am 15.01.2013 21:58, schrieb Markus Falb:
> I would like to install the packages from
> the continuous release repo and the yum config for this repo says
> baseurl=http://mirror.centos.org/centos/$releasever/cr/$basearch/
> well, I definitely do not want to allow worldwide outgoing http so I
> try to find the IPs
> # host mirror.centos.org
> mirror.centos.org has address
> but! wait...
> # host mirror.centos.org
> mirror.centos.org has address
> dns round robin is not very helpful for me doing firewall rules.
> How would you solve this yum and firewall thing?

You'll need an application level gateway (ALG) firewall.
Simple packet filtering, even stateful, is not sufficient
for this purpose.

Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130118/2e70694c/attachment-0004.sig>