Is there anyone that know about how I can "sync" iptables rules on two
different servers? The plan is to have (on one of the servers) a
script that automaticly block ip adresses with iptables depending on
different conditions. When that ip adress is blocked I want it to
automaticly be blocked on another server to.
Personally, I'd pursue an rsync / ssh -c solution. Rsync a straight-up
shell script that sets up your firewall rules, and then run it with ssh
-c. If you set up your public keys properly on the remote server, you
can run the whole thing from a script with no human intervention..
I have a very similar setup, but I copy the file over manually and run it.
I have a big iptables -F at the beginning of the firewall script, which
takes care of any deleted rules. You may or may not want to do this
sort of thing, depending on your setup, but it's necessary for me. The
firewall script runs so fast that the temporary connection loss is not a
problem. YMMV.
I wrote an ip blocking script (yes there are tons of these) that
monitors logs and blocks IPs based on certain conditions. For each log
type you need a handler to work out what to look for and what to
track. The ones I have are for SSH and apache (access log). In addition
it has a "sync" log, so if you're running this on multiple hosts then it
will use SSH (need to use rsa/dsa auth) to sync the list of banned IPs
across hosts - all hosts can work together to ban.
Some good things are it'll setup and maintain iptables for you,
auto expire blocks, white lists etc...
It's written with Perl and it's under the GPL:
http://jason.mindsocket.com.au/pages/linux/ipb-monitor/
Jason.
