Hi marcinstec,
Quote Originally Posted by marcinstec View Post
Hey SuSE?!? How about reasonable list od IP's and URLs SMT is accessing while registration AND mirroring process so I can make my security guys happy with the whiltelist of allowed sites ?
the more typical use case for such environments is running SMT behind an HTTPS proxy. This offers the added bonus of using credentials to open rule sets selectively for requesters (like SMT) that might need a broader range of accesses.

Looking at our update server's entries in our proxy log, I see connects to scc.suse.com and updates.suse.com, both https (port 443) - every other access is for channels not hosted at SUSE. These typically are no "web page" accesses, but API calls and RPM downloads, so there's nothing to compare via the "looks" in a browser window.

Regarding the impact of CDNs: Of course, the actual IP addresses used for "updates.suse.com" may differ widely, pointing to according servers of some CDN. Thus IP filtering would be a pain and constant source of trouble.