RPM
dnf/yum packages are firewalled in gate mode. Requires root — configure manually.
- Proxy URL:
https://packages.vulnetix.com/rpm - Plan: Enterprise
- Enforcement: Gate — the signed repodata is unchanged;
.rpmdownloads for blocked versions are rejected.
Getting started
Warning
yum/dnf repo configuration requires root and is not automated by the CLI.
Configuration
/etc/yum.repos.d/vulnetix.repo:
[vulnetix]
name=Vulnetix Package Firewall
baseurl=https://packages.vulnetix.com/rpm/releases/$releasever/Everything/$basearch/os/
enabled=1
gpgcheck=1
username=YOUR_ORG_UUID
password=YOUR_API_KEY
Use it
sudo dnf install <package>
Block responses & exit codes
A blocked package returns a semantic HTTP status with a JSON body — 423 malware, 426 vulnerable (upgrade), 425 cooldown, 428 bad actor, 422 end-of-life, 402 plan not entitled. A blocked .rpm download fails with the policy status; the signed repomd.xml/primary.xml is served unchanged. See Block responses & exit codes for the full table. The vulnetix package-firewall rpm command exits 0 on success and 1 on failure.
Configure policies
Thresholds (CVSS/EPSS/CESS), block toggles (malware, KEV, weaponized, …), and the release cooldown window are set per organization in the Vulnetix console — not in the CLI. See Configuring policies.
Troubleshooting
username/passwordin the.repofile are read by dnf/yum directly.- Keep
gpgcheck=1; the firewall never edits repodata so signature checks pass. - See Troubleshooting for shared auth, shell, and cache guidance, and
vulnetix auth statusto confirm what is configured.