Certainly. I should have thought of that - at least to get these initially set up.
However, given my "Linux Skillz" I'm probably not at the point to feel too good about these guys being totally safe & having relatively unrestricted access - since I don't know what I'm giving them access to.
I still think knowing what servers are providing the updates is the better way to go. That way as I deploy more of these appliances, I don't have to worry about whitelisting them before I create them - or having students smart enough to try to bump & clone a machine on the network in order to get that access.
Your solution would help in the short term - but I think I would still like to narrow the entire scope down to just the addresses needed instead. Thanks though!
Duh!
Certainly. I should have thought of that - at least to get these initially set up.
However, given my "Linux Skillz" I'm probably not at the point to feel too good about these guys being totally safe & having relatively unrestricted access - since I don't know what I'm giving them access to.
I still think knowing what servers are providing the updates is the better way to go. That way as I deploy more of these appliances, I don't have to worry about whitelisting them before I create them - or having students smart enough to try to bump & clone a machine on the network in order to get that access.
Your solution would help in the short term - but I think I would still like to narrow the entire scope down to just the addresses needed instead. Thanks though!