diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index e7222140..b06f107a 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -106,6 +106,9 @@ qubes_appmenu_create_cmd = "/usr/lib/qubes/create_apps_for_appvm.sh"
 qubes_appmenu_remove_cmd = "/usr/lib/qubes/remove_appvm_appmenus.sh"
 qubes_pciback_cmd = '/usr/lib/qubes/unbind_pci_device.sh'
 
+yum_proxy_ip = '10.137.255.254'
+yum_proxy_port = '8082'
+
 class QubesException (Exception) : pass
 
 if not dry_run:
@@ -400,7 +403,7 @@ class QubesVm(object):
                 shutil.copy(self.firewall_conf, "%s/backup/%s-firewall-%s.xml"
                         % (qubes_base_dir, self.name, time.strftime('%Y-%m-%d-%H:%M:%S')))
             self.write_firewall_conf({'allow': False, 'allowDns': False,
-                    'allowIcmp': False, 'rules': []})
+                    'allowIcmp': False, 'allowYumProxy': False, 'rules': []})
         else:
             new_netvm.connected_vms[self.qid]=self
 
@@ -1167,7 +1170,8 @@ class QubesVm(object):
                 "QubesFirwallRules",
                 policy = "allow" if conf["allow"] else "deny",
                 dns = "allow" if conf["allowDns"] else "deny",
-                icmp = "allow" if conf["allowIcmp"] else "deny"
+                icmp = "allow" if conf["allowIcmp"] else "deny",
+                yumProxy = "allow" if conf["allowYumProxy"] else "deny"
         )
 
         for rule in conf["rules"]:
@@ -1213,7 +1217,7 @@ class QubesVm(object):
         return os.path.exists (self.firewall_conf)
 
     def get_firewall_conf(self):
-        conf = { "rules": list(), "allow": True, "allowDns": True, "allowIcmp": True }
+        conf = { "rules": list(), "allow": True, "allowDns": True, "allowIcmp": True, "allowYumProxy": False }
 
         try:
             tree = xml.etree.ElementTree.parse(self.firewall_conf)
@@ -1222,6 +1226,7 @@ class QubesVm(object):
             conf["allow"] = (root.get("policy") == "allow")
             conf["allowDns"] = (root.get("dns") == "allow")
             conf["allowIcmp"] = (root.get("icmp") == "allow")
+            conf["allowYumProxy"] = (root.get("yumProxy") == "allow")
 
             for element in root:
                 rule = {}
@@ -1969,7 +1974,7 @@ class QubesProxyVm(QubesNetVm):
             if vm.has_firewall():
                 conf = vm.get_firewall_conf()
             else:
-                conf = { "rules": list(), "allow": True, "allowDns": True, "allowIcmp": True }
+                conf = { "rules": list(), "allow": True, "allowDns": True, "allowIcmp": True, "allowYumProxy": False }
 
             xid = vm.get_xid()
             if xid < 0: # VM not active ATM
@@ -2012,6 +2017,10 @@ class QubesProxyVm(QubesNetVm):
                 iptables += "-A FORWARD -s {0} -p udp -d {1} --dport 53 -j ACCEPT\n".format(ip,self.netvm.secondary_dns)
             if conf["allowIcmp"]:
                 iptables += "-A FORWARD -s {0} -p icmp -j ACCEPT\n".format(ip)
+            if conf["allowYumProxy"]:
+                iptables += "-A FORWARD -s {0} -p tcp -d {1} --dport {2} -j ACCEPT\n".format(ip, yum_proxy_ip, yum_proxy_port)
+            else:
+                iptables += "-A FORWARD -s {0} -p tcp -d {1} --dport {2} -j DROP\n".format(ip, yum_proxy_ip, yum_proxy_port)
 
             iptables += "-A FORWARD -s {0} -j {1}\n".format(ip, default_action)
             iptables += "COMMIT\n"