10-13-2011 #1
Centralized database for firewall
Hi All,
Anyone please suggest an idea for having a centralized database or something for a firewall? My requirement is that if we add an IP to block in a centralized database, it should be blocked on all servers. Anyone please suggest an idea for implementing this?
Thanks
10-13-2011 #2
There may be something that already does this but I don't know of it. So...if I had to do it from scratch, I'd probably set up a MySQL server to house the (very small) centralized db. It would contain the table of "blacklisted" IP addresses. Each server could keep track of this list by querying the central server.
To that end, on all the servers, you'd have a simple shell script (run every hour or whatever) that would do the following:
1. query the central MySQL server for the list of blacklisted IPs
2. if any changes are detected:
- modify the iptables configuration to reflect the changes
- restart iptables.
Hacky, but it does what you want.
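The script sketched in the reply above, written out as an added example (it is not the poster's script). It assumes a hypothetical central table `blocklist(ip)` in a database called `firewall`, a dedicated iptables chain `BLOCKLIST` that INPUT jumps to, and a cache of the last applied list in `/var/lib/blocklist/applied.txt`. One deliberate change from the reply: instead of rewriting the iptables configuration and restarting the service (which briefly drops every rule on the host), it diffs the fetched list against the cached one and adds or deletes only the changed rules in its own chain, so the rest of the ruleset is never touched. Every row from the central database is also validated as an IPv4 address or CIDR before it becomes an iptables argument, because whoever can write to that table can otherwise feed arbitrary strings into a root-run command on every server; for the same reason the account the servers use should be read-only and the connection should be TLS.

```shell
#!/bin/sh
# blocklist-sync.sh: pull the central IP blocklist and apply only the delta.
# Added example, not the forum poster's code. Hypothetical names: table
# `blocklist`, database `firewall`, chain BLOCKLIST, cache dir /var/lib/blocklist.
# Run from cron, e.g. hourly:  blocklist-sync.sh sync
# DRY_RUN=1 prints the iptables commands instead of executing them.
set -eu
export LC_ALL=C                       # stable sort order for comm(1)

CHAIN="${CHAIN:-BLOCKLIST}"
STATE_DIR="${STATE_DIR:-/var/lib/blocklist}"
APPLIED="$STATE_DIR/applied.txt"      # list that is currently loaded in iptables

# Fetch the desired list from the central MySQL server (real deployment only).
# DB_HOST/DB_USER/DB_PASS come from the environment; use a read-only account.
fetch_blocklist() {
    mysql -h "$DB_HOST" -u "$DB_USER" -p"$DB_PASS" -N -B \
        -e 'SELECT ip FROM blocklist' firewall
}

# Keep only well-formed IPv4 addresses or a.b.c.d/nn CIDRs, one per line,
# sorted and de-duplicated. Anything else (typos, stray text in a DB row)
# is dropped so it can never reach the iptables command line.
sanitize() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' |
    awk -F'[./]' '$1<=255 && $2<=255 && $3<=255 && $4<=255 && (NF==4 || $5<=32)' |
    sort -u
}

# Print one iptables command per line for the difference between the
# previously applied list ($1) and the newly desired list ($2). Both files
# must be sorted (sanitize does that). Additions first, then removals.
plan_changes() {
    old="$1"; new="$2"
    comm -13 "$old" "$new" | while read -r ip; do      # only in new -> add
        printf 'iptables -A %s -s %s -j DROP\n' "$CHAIN" "$ip"
    done
    comm -23 "$old" "$new" | while read -r ip; do      # only in old -> remove
        printf 'iptables -D %s -s %s -j DROP\n' "$CHAIN" "$ip"
    done
}

# Create the dedicated chain once and hook it into INPUT (idempotent).
ensure_chain() {
    iptables -N "$CHAIN" 2>/dev/null || true
    iptables -C INPUT -j "$CHAIN" 2>/dev/null || iptables -I INPUT -j "$CHAIN"
}

# Fetch, sanitize, diff against the cache, apply only the delta, update cache.
sync_blocklist() {
    mkdir -p "$STATE_DIR"
    [ -f "$APPLIED" ] || : > "$APPLIED"
    desired="$(mktemp)"
    fetch_blocklist | sanitize > "$desired"
    if cmp -s "$APPLIED" "$desired"; then
        rm -f "$desired"                  # nothing changed, nothing to do
        return 0
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        plan_changes "$APPLIED" "$desired"
        rm -f "$desired"
    else
        ensure_chain
        plan_changes "$APPLIED" "$desired" | sh -e
        mv "$desired" "$APPLIED"          # cache only after rules are in place
    fi
}

case "${1:-}" in
    sync) sync_blocklist ;;
esac
```

Because the cache is only replaced after `sh -e` has applied every command, a failure part-way leaves the cache untouched and the next run retries the same delta. If an IP is removed from the chain by hand, the script will not notice until the central list changes; `iptables -F BLOCKLIST` plus an empty cache file forces a full reload.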