Re: Firewall script builders

Hi, Jon...

On Fri, Sep 05, 2003 at 09:41:20AM +1000, Jonathan Oxer wrote:
> If you've got key-based SSH authentication from your machine to your
> firewall box, a distribution script can be as trivial as:
> #!/bin/sh
> afile=firewall1.fw
> scp $afile root@
> echo "SCPd $afile to firewall1"
> ssh root@ /etc/firewall/firewall1.fw
> echo "Executed new firewall script"

Or as simple and nice as:

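for fw in firewall-1 firewall-2 firewall-3; do
	# compile the rule set for this firewall from the shared rulebase
	fwb_ipt -f rulebase.xml "$fw"
	# copy the generated script to the firewall and activate it
	scp "${fw}.fw" "root@${fw}:/etc/network/firewall.sh"
	ssh "${fw}" -l root /etc/network/firewall.sh
done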

This has the advantage of building all rule sets and distributing them.
I tend to use the same groups for different firewalls. This script
enables me to recompile and activate all of them at once. I really love
it that the compiler is executable from the shell.

Re-cheers... :)
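
Added example, not part of the original post or of Firewall Builder itself: the same compile-and-distribute loop with failure handling, so that a failed compile never ships a stale .fw file and a failed copy never runs the old script on the remote side. It assumes, as the loop in the post implies, that fwb_ipt writes <name>.fw into the current directory; the function names and the FWB_IPT, SCP, SSH, RULEBASE and REMOTE variables are hypothetical.

```shell
#!/bin/sh
# Commands are overridable (assumption, for dry runs); defaults match the post.
: "${FWB_IPT:=fwb_ipt}" "${SCP:=scp}" "${SSH:=ssh}"
RULEBASE=${RULEBASE:-rulebase.xml}
REMOTE=${REMOTE:-/etc/network/firewall.sh}

# Compile one firewall; fail if the compiler fails or leaves no fresh output.
compile_fw() {
    fw=$1
    rm -f "${fw}.fw"    # a script left over from an earlier run must not ship
    "$FWB_IPT" -f "$RULEBASE" "$fw" || return 1
    [ -s "${fw}.fw" ]   # the compiler must have produced a non-empty script
}

# Copy, then activate; activation is skipped when the copy fails.
push_fw() {
    fw=$1
    "$SCP" "${fw}.fw" "root@${fw}:${REMOTE}" || return 1
    "$SSH" "$fw" -l root "$REMOTE"
}

# Phase 1 compiles every rule set; phase 2 starts only if all compiles worked.
# Returns 1 on a compile failure (nothing deployed), 2 on a deploy failure.
deploy_all() {
    for fw in "$@"; do
        compile_fw "$fw" || {
            echo "compile failed for $fw, nothing deployed" >&2
            return 1
        }
    done
    failed=""
    for fw in "$@"; do
        push_fw "$fw" || failed="$failed $fw"
    done
    [ -z "$failed" ] || { echo "deploy failed on:$failed" >&2; return 2; }
}

# Usage: ./deploy.sh firewall-1 firewall-2 firewall-3
if [ "$#" -gt 0 ]; then deploy_all "$@"; fi
```

Compiling everything before touching any host keeps a group of firewalls that share objects from ending up half on the new rulebase and half on the old one because of a compile error.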


