- 10-13-2011 #1
- Join Date
- Apr 2011
Centralized database for firewall
Can anyone please suggest an idea for having a centralized database or something for the firewall? My requirement is that if we add an IP to block in a centralized database, it should be blocked on all servers. Can anyone please suggest an idea for implementing this?
- 10-13-2011 #2
- Join Date
- May 2011
There may be something that already does this, but I don't know of it. So... if I had to do it from scratch, I'd probably set up a MySQL server to house the (very small) centralized DB. It would contain the table of "blacklisted" IP addresses. Each server could keep track of this list by querying the central server.
To that end, on all the servers you'd have a simple shell script (run every hour or whatever) that would do the following:
1. query the central MySQL server for the list of blacklisted ips
2. if any changes are detected:
- modify the iptables configuration to reflect the changes
- restart iptables.
Hacky, but it does what you want.
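A sketch of the script described above, as an added example rather than the poster's own code. It follows the same four steps but reconciles a dedicated chain against the central list (adding and deleting only the differences) instead of restarting iptables, and it validates every row before it reaches the iptables command line. All names (DB host, database "fwdb", table "blacklist", user "fwreader", chain "CENTRAL_BLOCK") are assumptions.

```sh
#!/bin/sh
# Added example, not the poster's code: pull the blocklist from the central
# MySQL server and reconcile a dedicated iptables chain against it, applying
# only the differences instead of restarting iptables. Assumed names: DB host
# $DB_HOST, database "fwdb", table "blacklist" (column "ip"), read-only DB
# user "fwreader" (password from ~/.my.cnf), chain "CENTRAL_BLOCK".
DB_HOST="${DB_HOST:-db.example.internal}"
CHAIN="CENTRAL_BLOCK"

# Accept only a well-formed dotted-quad IPv4 address, so a malformed or
# tampered DB row can never become extra arguments on the iptables command line.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(printf '%s\n' "$1" | tr '.' ' '); do [ "$o" -le 255 ] || return 1; done
}
# stdin: raw rows from the DB; stdout: only rows that pass valid_ipv4.
sanitize_list() {
    while IFS= read -r line; do
        if valid_ipv4 "$line"; then printf '%s\n' "$line"; fi
    done
}
# $1 = desired IPs, $2 = currently blocked IPs (newline-separated strings).
# Prints sorted "add IP" / "del IP" lines for the differences only.
blocklist_delta() {
    { printf '%s\n' "$1" | sed '/^$/d;s/^/D /'
      printf '%s\n' "$2" | sed '/^$/d;s/^/C /'; } |
    awk '$1=="D"{d[$2]=1}; $1=="C"{c[$2]=1}
         END{for(k in d) if(!(k in c)) print "add", k
             for(k in c) if(!(k in d)) print "del", k}' | sort
}
fetch_blocklist() {   # one IP per line from the central server
    mysql --batch --skip-column-names -h "$DB_HOST" -u fwreader fwdb \
        -e 'SELECT ip FROM blacklist' | sanitize_list
}
current_blocks() {    # IPs already present in our chain
    iptables -S "$CHAIN" 2>/dev/null |
    awk '{for(i=1;i<NF;i++) if($i=="-s"){sub(/\/32$/,"",$(i+1)); print $(i+1)}}'
}
apply_delta() {       # stdin: output of blocklist_delta; touches only our chain
    while read -r op ip; do
        valid_ipv4 "$ip" || continue
        [ "$op" = add ] && act=-A || act=-D
        iptables "$act" "$CHAIN" -s "$ip" -j DROP
    done
}
sync_blocklist() {    # cron entry point; creates and hooks the chain on first use
    iptables -N "$CHAIN" 2>/dev/null || true
    iptables -C INPUT -j "$CHAIN" 2>/dev/null || iptables -I INPUT -j "$CHAIN"
    blocklist_delta "$(fetch_blocklist)" "$(current_blocks)" | apply_delta
}
if [ "${1:-}" = "--sync" ]; then sync_blocklist; fi
```

Run it as `sh sync_blocklist.sh --sync` from cron; because only the CENTRAL_BLOCK chain is touched, the rest of the ruleset stays up while the list is refreshed.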