On Sunday, 01.11.2009, 21:07 +0100, Karanbir Singh wrote:
> On 10/31/2009 10:01 PM, Christoph Maser wrote:
> >> Just wondering what people use / recommend to keep multiple machines in
> >> sync with their iptables policy.
> >>
> > I did use fwbuilder; it can create and deploy rules. For a small number
> > of machines it worked well for me.
> >
>
> how do you achieve the actual 'distribution' of content ?

It compiles shell scripts which are simply copied and launched. From the FAQ:

----------------------------------------------------------------------
1) you can simply copy it to the firewall machine and then run it by hand;
2) you can use built-in installer and
3) you can use a shell script to copy this file to where it should be and then run it.

Built-in installer uses ssh to communicate with the firewall,
----------------------------------------------------------------------

You could probably also simply commit the compiled rules to some repository and have puppet ship/execute the files.

One thing I really liked about fwbuilder is that you have a central object pool for custom ports, IP addresses and networks which you can use in different firewall rulesets, so if something updates you simply recompile/distribute all firewall rules.

Chris
financial.com AG
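As an added example (not part of the thread and not fwbuilder's own installer), here is a small POSIX shell deploy script along the lines of option 3 in the FAQ excerpt: it verifies the compiled script's SHA-256 against the value recorded at compile time, copies it to each host over ssh, and applies it behind a rollback guard, so a ruleset that locks the admin out is reverted automatically unless it is confirmed. The `/root/fw.sh` path, the `/root/fw.confirmed` marker, the root-over-ssh access and the `SSH`/`SCP` override variables are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not fwbuilder's built-in installer: push a compiled iptables
# script to several hosts and apply it with a rollback guard.
# Assumptions (hypothetical): hosts accept root logins over ssh, the compiled
# script is self-contained, and iptables-save/iptables-restore exist remotely.
set -eu

SSH="${SSH:-ssh}"                        # transport commands, overridable for dry runs
SCP="${SCP:-scp}"
CONFIRM_SECONDS="${CONFIRM_SECONDS:-60}" # time to confirm before automatic rollback
REMOTE_SCRIPT=/root/fw.sh                # assumed remote location of the compiled script

# Refuse to ship a script whose SHA-256 differs from the one recorded at compile
# time, so a stale or tampered copy never reaches a firewall.
verify_script() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Command run on the firewall: save the live ruleset, load the new script, then
# restore the saved ruleset unless /root/fw.confirmed appears within $2 seconds.
# The admin confirms by running "touch /root/fw.confirmed" on the host.
remote_apply_cmd() {
    printf "rm -f /root/fw.confirmed && iptables-save > /root/iptables.rollback && \
sh '%s' && nohup sh -c 'sleep %s; [ -e /root/fw.confirmed ] || \
iptables-restore < /root/iptables.rollback' >/dev/null 2>&1 &" "$1" "$2"
}

# deploy_to_hosts SCRIPT SHA256 HOST...: verify once, then copy and apply on every host.
deploy_to_hosts() {
    script="$1"; expected="$2"; shift 2
    if ! verify_script "$script" "$expected"; then
        echo "checksum mismatch for $script, not deploying" >&2
        return 1
    fi
    for host in "$@"; do
        $SCP "$script" "root@$host:$REMOTE_SCRIPT"
        $SSH "root@$host" "$(remote_apply_cmd "$REMOTE_SCRIPT" "$CONFIRM_SECONDS")"
        echo "applied on $host; touch /root/fw.confirmed there within ${CONFIRM_SECONDS}s to keep it"
    done
}

# Usage: deploy-fw.sh compiled-fw.sh <sha256> host1 host2 ...
if [ $# -ge 3 ]; then
    deploy_to_hosts "$@"
fi
```

The confirmation step is the part worth keeping whatever transport you use: the backgrounded `sleep`/`iptables-restore` pair runs on the firewall itself, so it still fires if the new policy cuts off the ssh session that started it. Setting `SSH` and `SCP` to wrapper functions or `echo` gives a dry run that shows exactly what would be sent to each host.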