I was getting this error multiple times related to the "yum update" process:

http://repo.zabbix.com/zabbix/3.0/rh...ta/repomd.xml: [Errno 14] curl#7 - "Failed to connect to 2604:a880:2:d0::2062:d001: Network is unreachable" Trying other mirror.

I discovered that this was because I do not have IPv6 enabled on my server (pretty easy) and that I only see this error because the IPv4 address range containing the repo.zabbix.com address is blocked in my "csf.deny" file.
I discovered that 178.128.6.101 is the IPv4 address for repo.zabbix.com and added it to my csf.allow file explicitly.

But, I do NOT want to leave 178.128.6.101 FULLY open like this, and I'd also like to have a backup repo server IP address. So here are my questions:

1) Is there an backup IP address for repo.zabbix.com? repo2.zabbix.com or something like that?

2) Does anyone know the proper syntax for a limited ALLOW file entry for repo.zabbix.com's primary address?

a) tcp/udp|in/out|s/d=port,port,...|s/d=178.128.6.101 <---- General format
b) Specifically, which protocol? I ASSUME it is TCP?
c) IN, OUT, or both with two statements?
d) PORT NUMBERS? This is really the crux of the matter.... I assume it is NOT 10050/10051 which are the passive/active IPs for Agent to Monitor server. (More about that below).

3) Secondary to the questions above, I want to do the SAME thing to lock down the IP address my ISP is using to communicate with the passive agent on MY server.... All they know to say is to "OPEN Port 10050".... Well, I don't want it open for every IP address, every protocol and both directions is I don't have to have it that way. Of course, I know the IP address, but I need help with the rest.

tcp/udp|in/out|s/d=10050|s/d=<ISP provided IP> is the general phrase, I just need to know and preferably learn to understand the rest. <smile>

I apologize if this seems like "newbie" stuff, it IS newish to me.

Thanks in advance!
-Clay Autery