On Wed, Feb 15, 2017 at 2:30 PM, Carlos E. R.
The thing is, it is not zypper which decides the mirror to use, but the mirrorbrain at the download server.
Your people would have to decide to clear not a server outside, but one inside. The one that creates an internal mirror. Install an antivirus in that machine, and do the scanning in there. Suspect files are notified, and you clear them manually after confirmation. While the mirror sync job is working, the server does not serve the LAN.
I have had a machine in the DMZ. It provided a few services. This is a tricky machine in that the IT guys have an external company that tries to exploit things that are exposed. They are ruthless. I have been trying to minimize the things this machine does to the bare minimum so that there is less for them to complain about. I don't really want to have it become a mirror. I guess that would also mean that folks in the area would perhaps be sent here for their files. I'm not sure if that would be popular. Our IT guys are a paranoid lot. Of course, they have chosen Windows as the infrastructure... I had guessed that the mirror redirection was done as you described. Too bad the mirror is not opaque and that the local system still just sees download.opensuse.org. -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org