Re: yum update and iptables




On Wed, Nov 17, 2010 at 7:36 AM, David McGuffey
<davidmcguffey@xxxxxxxxxxx> wrote:
>
> I'm doing some testing in a lab which is isolated from the rest of my
> network (DMZ). I'm doing both inbound and outbound filtering at the
> firewall (CentOS + iptables).
>
> What protocols, ports and destination IP addresses does yum use to
> identify updates, and then actually go get them for installation?
>
> Looking at yum.conf and wireshark data, yum appears to go to a central
> site, look up the closest mirrors, then query the mirrors for the latest
> updates.
>
> Using wireshark it appears that http and tcp are used, but the addresses
> are all over the place (many mirrors).
>
> Is there a way to restrict the outbound traffic to a small number of
> mirrors? In other words, can I force yum to only check certain sites?
>
> If that is not so easy, I should be able to restrict the outbound
> traffic to a small set of addresses (yes/no?).

You can comment out "mirrorlist" and uncomment "baseurl" and set it to
your preferred mirror in the files in "/etc/yum.repos.d".
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
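
The change suggested in the reply, together with the matching outbound allow-list, as an added example that is not part of the original thread. The mirror URL, the mirror address, the sample repo stanza and the use of the FORWARD chain are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). MIRROR and MIRROR_IP are placeholders.
MIRROR="http://mirror.example.org/centos"   # hypothetical mirror URL
MIRROR_IP="192.0.2.10"                      # constructed (documentation range)

# Filter a .repo file from stdin to stdout:
#  - comment out active mirrorlist= lines so yum stops asking for mirrors
#  - point the (active or commented) baseurl= line at the mirror in $1,
#    keeping the path that follows ".../centos"
pin_repo() {
    sed -E \
        -e 's|^[[:space:]]*mirrorlist=|#mirrorlist=|' \
        -e "s|^#?[[:space:]]*baseurl=https?://[^/]+/centos|baseurl=$1|"
}

# Extract the host name from a URL; this is the name the lab host must resolve.
repo_host() {
    printf '%s\n' "$1" | sed -E 's|^[a-z]+://([^/:]+).*|\1|'
}

# Print (do not apply) one ACCEPT rule per mirror address.
# Assumption: the filter box routes lab traffic, so the FORWARD chain is used.
egress_rules() {
    port=$1; shift
    for ip in "$@"; do
        printf 'iptables -A FORWARD -p tcp -d %s --dport %s -j ACCEPT\n' "$ip" "$port"
    done
}

# Constructed sample modelled on a stock repo stanza.
sample_repo() {
cat <<'EOF'
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
EOF
}

sample_repo | pin_repo "$MIRROR"
echo "# resolve $(repo_host "$MIRROR") and allow only those addresses:"
egress_rules 80 "$MIRROR_IP"
```

Keep `gpgcheck=1` in the pinned stanza: with plain HTTP to a single mirror, the package signature check is what authenticates the downloaded content.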

