I'm doing some testing in a lab which is isolated from the rest of my
network (DMZ). I'm doing both inbound and outbound filtering at the
firewall (CentOS +iptables).
What protocols, ports and destination IP addresses does yum use to
identify updates, and then actually go get them for installation?
Looking at yum.conf and wireshark data, yum appears to go to a central
site, look up the closest mirrors, then query the mirrors for the latest
updates.
Using wireshark it appears that http and tcp are used, but the addresses
are all over the place (many mirrors).
Is there a way to restrict the outbound traffic to a small number of
mirrors? In other words, can I force yum to only check certain sites?
If that is not so easy, I should be able to restrict the outbound
traffic to a small set of addresses (yes/no?).
DaveM
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
