* Updating multple iptables on servers
@ 2004-06-08 7:46 Thomas Kristensen
2004-06-10 9:43 ` John A. Sullivan III
0 siblings, 1 reply; 7+ messages in thread
From: Thomas Kristensen @ 2004-06-08 7:46 UTC (permalink / raw)
To: netfilter
Is it possible to update iptables from a central server. I got 25 servers
using the same firewall and i need something to update them all from a
central server.
Any ideas?
Hilsen Thomas Kristensen
^ permalink raw reply [flat|nested] 7+ messages in thread
* Updating multple iptables on servers
@ 2004-06-08 8:09 hyper
2004-06-08 8:31 ` Chris Brenton
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: hyper @ 2004-06-08 8:09 UTC (permalink / raw)
To: netfilter
Is it possible to update iptables from a central server. I got 25 servers
using the same firewall and i need something to update them all from a
central server.
Any ideas?
Hilsen Thomas Kristensen
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Updating multple iptables on servers
2004-06-08 8:09 Updating multple iptables on servers hyper
@ 2004-06-08 8:31 ` Chris Brenton
2004-06-08 8:33 ` Antony Stone
2004-06-08 11:02 ` John A. Sullivan III
2 siblings, 0 replies; 7+ messages in thread
From: Chris Brenton @ 2004-06-08 8:31 UTC (permalink / raw)
To: hyper; +Cc: netfilter
On Tue, 2004-06-08 at 04:09, hyper@ubn.dk wrote:
>
> Is it possible to update iptables from a central server. I got 25 servers
> using the same firewall and i need something to update them all from a
> central server.
>
> Any ideas?
Fanout is your friend:
http://www.stearns.org/fanout/
To quote the docs: "This tool will run commands on multiple machines at
the same time via ssh."
Bill has a number of excellent Linux tools up on his site, this being
one of them.
HTH,
Chris
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Updating multple iptables on servers
2004-06-08 8:09 Updating multple iptables on servers hyper
2004-06-08 8:31 ` Chris Brenton
@ 2004-06-08 8:33 ` Antony Stone
2004-06-08 11:02 ` John A. Sullivan III
2 siblings, 0 replies; 7+ messages in thread
From: Antony Stone @ 2004-06-08 8:33 UTC (permalink / raw)
To: netfilter
On Tuesday 08 June 2004 9:09 am, hyper@ubn.dk wrote:
> Is it possible to update iptables from a central server. I got 25 servers
> using the same firewall and i need something to update them all from a
> central server.
>
> Any ideas?
Rsync or scp, then iptables-restore?
Antony.
--
This email is intended for the use of the individual addressee(s) named above
and may contain information that is confidential, privileged or unsuitable
for overly sensitive persons with low self-esteem, no sense of humour, or
irrational religious beliefs.
If you have received this email in error, you are required to shred it
immediately, add some nutmeg, three egg whites and a dessertspoonful of
caster sugar. Whisk until soft peaks form, then place in a warm oven for 40
minutes. Remove promptly and let stand for 2 hours before adding some
decorative kiwi fruit and cream. Then notify me immediately by return email
and eat the original message.
Please reply to the list;
please don't CC me.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Updating multple iptables on servers
2004-06-08 8:09 Updating multple iptables on servers hyper
2004-06-08 8:31 ` Chris Brenton
2004-06-08 8:33 ` Antony Stone
@ 2004-06-08 11:02 ` John A. Sullivan III
2 siblings, 0 replies; 7+ messages in thread
From: John A. Sullivan III @ 2004-06-08 11:02 UTC (permalink / raw)
To: hyper; +Cc: netfilter
On Tue, 2004-06-08 at 04:09, hyper@ubn.dk wrote:
> Is it possible to update iptables from a central server. I got 25 servers
> using the same firewall and i need something to update them all from a
> central server.
>
> Any ideas?
>
> Hilsen Thomas Kristensen
Although it is still a few months away from release, ISCS
(http://iscs.sourceforge.net) will help you do this. It will also
manage any VPN and router configurations and, eventually, even the layer
two configuration. It will do this just as easily if every firewall is
different - the work is the same - describe the environment and ISCS
automatically creates and distributes the list of rules to create that
environment. I wish I could tell you it's here and ready for use but
it's still in very active development. We're working on the last of the
iptables modules as I write - John
--
Open Source Development Corporation
Financially sustainable open source development
http://www.opensourcedevelopmentcorp.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Updating multple iptables on servers
2004-06-08 7:46 Thomas Kristensen
@ 2004-06-10 9:43 ` John A. Sullivan III
2004-06-10 10:40 ` Antony Stone
0 siblings, 1 reply; 7+ messages in thread
From: John A. Sullivan III @ 2004-06-10 9:43 UTC (permalink / raw)
To: Thomas Kristensen; +Cc: netfilter
On Tue, 2004-06-08 at 03:46, Thomas Kristensen wrote:
> Is it possible to update iptables from a central server. I got 25 servers
> using the same firewall and i need something to update them all from a
> central server.
>
> Any ideas?
>
> Hilsen Thomas Kristensen
Strange . . . I thought I saw this identical post a few days ago!
Although it is still a few months away from release, ISCS
(http://iscs.sourceforge.net) will help you do this. It will also
manage any VPN and router configurations and, eventually, even the layer
two configuration. It will do this just as easily if every firewall is
different - the work is the same - describe the environment and ISCS
automatically creates and distributes the list of rules to create that
environment. I wish I could tell you it's here and ready for use but
it's still in very active development. We're working on the last of the
iptables modules as I write.
fwbuilder (http://www.fwbuilder.org) is quite a good product more along
the lines of traditional firewall GUI's and is available now.
- John
--
Open Source Development Corporation
Financially sustainable open source development
http://www.opensourcedevelopmentcorp.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Updating multple iptables on servers
2004-06-10 9:43 ` John A. Sullivan III
@ 2004-06-10 10:40 ` Antony Stone
0 siblings, 0 replies; 7+ messages in thread
From: Antony Stone @ 2004-06-10 10:40 UTC (permalink / raw)
To: netfilter
On Thursday 10 June 2004 10:43 am, John A. Sullivan III wrote:
> On Tue, 2004-06-08 at 03:46, Thomas Kristensen wrote:
> > Is it possible to update iptables from a central server. I got 25 servers
> > using the same firewall and i need something to update them all from a
> > central server.
> >
> > Any ideas?
> >
> > Hilsen Thomas Kristensen
>
> Strange . . . I thought I saw this identical post a few days ago!
So did I.
Chris Brenton's answer looked promising:
http://www.stearns.org/fanout
Let us know if it meets your needs, or if problems remain.
Regards,
Antony.
--
"Linux is going to be part of the future. It's going to be like Unix was."
- Peter Moore, Asia-Pacific general manager, Microsoft
Please reply to the list;
please don't CC me.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2004-06-10 10:40 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-06-08 8:09 Updating multple iptables on servers hyper
2004-06-08 8:31 ` Chris Brenton
2004-06-08 8:33 ` Antony Stone
2004-06-08 11:02 ` John A. Sullivan III
-- strict thread matches above, loose matches on Subject: below --
2004-06-08 7:46 Thomas Kristensen
2004-06-10 9:43 ` John A. Sullivan III
2004-06-10 10:40 ` Antony Stone
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.