Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Syncing iptables rules between two servers

From: Christopher Jastram <cej () intech com>
Date: Mon, 10 Apr 2006 10:25:56 -0400
Lars Solberg wrote:

Hi

Is there anyone that know about how I can "sync" iptables rules on two
different servers? The plan is to have (on one of the servers) a
script that automaticly block ip adresses with iptables depending on
different conditions. When that ip adress is blocked I want it to
automaticly be blocked on another server to.
Personally, I'd pursue an rsync / ssh -c solution. Rsync a straight-up shell script that sets up your firewall rules, and then run it with ssh -c. If you set up your public keys properly on the remote server, you can run the whole thing from a script with no human intervention.. 

I have a very similar setup, but I copy the file over manually and run it.
I have a big iptables -F at the beginning of the firewall script, which takes care of any deleted rules. You may or may not want to do this sort of thing, depending on your setup, but it's necessary for me. The firewall script runs so fast that the temporary connection loss is not a problem. YMMV. 

Chris



-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. 
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: