  1. #1
    Just Joined!
    Join Date
    Apr 2011
    Posts
    3

    Centralized database for firewall


    Hi All,

    Can anyone please suggest an idea for having a centralized database or something similar for a firewall? My requirement is that if we add an IP to block in the centralized database, it should be blocked on all servers. Can anyone please suggest an idea for implementing this?


    Thanks

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,307
    There may be something that already does this but I don't know of it. So... if I had to do it from scratch, I'd probably set up a MySQL server to house the (very small) centralized db. It would contain the table of "blacklisted" IP addresses. Each server could keep track of this list by querying the central server.

    To that end, on all the servers, you'd have a simple shell script (run every hour or whatever) that would do the following:
    1. query the central MySQL server for the list of blacklisted IPs
    2. if any changes are detected:
    - modify the iptables configuration to reflect the changes
    - restart iptables.

    Hacky, but it does what you want.
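
The hourly sync described in the reply above, as an added example that is not part of the original thread: it validates every entry from the database before it reaches iptables, applies only the differences to a dedicated chain instead of restarting iptables, and leaves the rules alone if the query fails. The database, table, host, file paths and chain name are assumptions.

```shell
#!/bin/bash
# Added example: pull a central blocklist and apply only the differences.
# Assumed names: database "fw", table blacklist(ip), host db.example.internal,
# credentials file /etc/blocklist/my.cnf, and a BLOCKLIST chain created once with
#   iptables -N BLOCKLIST && iptables -I INPUT -j BLOCKLIST
export LC_ALL=C                                 # same ordering for sort and comm
CHAIN="BLOCKLIST"
STATE="${STATE:-/var/lib/blocklist/current}"    # list last applied on this host

fetch_list() {
  mysql --defaults-extra-file=/etc/blocklist/my.cnf -h db.example.internal \
        -N -B -e 'SELECT ip FROM blacklist' fw
}

# Keep only well-formed IPv4 addresses (optional /prefix), sorted and unique.
# Anything else in the table is dropped instead of reaching iptables.
valid_ips() {
  grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' |
    awk -F'[./]' '$1<=255 && $2<=255 && $3<=255 && $4<=255 && ($5=="" || $5<=32)' |
    sort -u
}

# $1 = list applied last time, $2 = new list; prints "-A ip" / "-D ip" lines.
plan_changes() {
  comm -13 "$1" "$2" | sed 's/^/-A /'
  comm -23 "$1" "$2" | sed 's/^/-D /'
}

sync_blocklist() {
  # A failed query must not look like an empty list and unblock everything.
  raw=$(fetch_list) || { echo "blocklist query failed; rules unchanged" >&2; return 1; }
  new=$(mktemp) || return 1
  printf '%s\n' "$raw" | valid_ips > "$new"
  [ -f "$STATE" ] || : > "$STATE"
  plan_changes "$STATE" "$new" | while read -r op ip; do
    iptables "$op" "$CHAIN" -s "$ip" -j DROP || exit 1
  done && mv "$new" "$STATE" || { rm -f "$new"; return 1; }
}

# Run from cron as: sync-blocklist.sh --apply
if [ "${1:-}" = "--apply" ]; then sync_blocklist; fi
```

The state file is only replaced after every rule change succeeds, so a partial failure is retried on the next run.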
