Re: Syncing iptables rules between two servers

---

• From: Christopher Jastram <cej@xxxxxxxxxx>
• Date: Mon, 10 Apr 2006 10:25:56 -0400

---

Lars Solberg wrote:

Hi

Is there anyone that know about how I can "sync" iptables rules on two
different servers? The plan is to have (on one of the servers) a
script that automaticly block ip adresses with iptables depending on
different conditions. When that ip adress is blocked I want it to
automaticly be blocked on another server to.

Personally, I'd pursue an rsync / ssh -c solution. Rsync a straight-up shell script that sets up your firewall rules, and then run it with ssh -c. If you set up your public keys properly on the remote server, you can run the whole thing from a script with no human intervention..

I have a very similar setup, but I copy the file over manually and run it.

I have a big iptables -F at the beginning of the firewall script, which takes care of any deleted rules. You may or may not want to do this sort of thing, depending on your setup, but it's necessary for me. The firewall script runs so fast that the temporary connection loss is not a problem. YMMV.

Chris



-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------

---

• Follow-Ups:
  • Re: Syncing iptables rules between two servers
    • From: Jason Nicholls

• References:
  • Syncing iptables rules between two servers
    • From: Lars Solberg

• Prev by Date: Re: Syncing iptables rules between two servers
• Next by Date: Re: Syncing iptables rules between two servers
• Previous by thread: Re: Syncing iptables rules between two servers
• Next by thread: Re: Syncing iptables rules between two servers
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Syncing iptables rules between two servers ... Is there anyone that know about how I can "sync" iptables rules on two ... The plan is to have (on one of the servers) a ... See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. ... (Security-Basics) Re: Syncing iptables rules between two servers ... The plan is to have (on one of the servers) a ... script that automaticly block ip adresses with iptables depending on ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ... FREE 30-Day Trial of Spy Sweeper Enterprise ... (Security-Basics) Re: Syncing iptables rules between two servers ... I'v started making a script for doing this in bash ... Syncing iptables rules between two servers ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ... (Security-Basics) Re: Syncing iptables rules between two servers ... The plan is to have (on one of the servers) a ... script that automaticly block ip adresses with iptables depending on ... shell script that sets up your firewall rules, and then run it with ssh ... (Security-Basics) Re: Syncing iptables rules between two servers ... Is there anyone that know about how I can "sync" iptables rules on two ... The plan is to have (on one of the servers) a ... See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. ... (Security-Basics)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > security-basics  > 2006-04