Re: Firewall script builders
On Fri, 5 Sep 2003 10:12:33 +0200,
Christoph Haas <email@christoph-haas.de> wrote in message
<[🔎] 20030905081233.GA585@torf.workaround.org>:
> Hi, Jon...
>
> On Fri, Sep 05, 2003 at 09:41:20AM +1000, Jonathan Oxer wrote:
> > If you've got key-based SSH authentication from your machine to your
> > firewall box, a distribution script can be as trivial as:
> >
> > #!/bin/sh
> > afile=firewall1.fw
> > scp $afile root@192.168.0.1:/etc/firewall/
> > echo "SCPd $afile to firewall1"
> > ssh root@192.168.0.1 /etc/firewall/firewall1.fw
> > echo "Executed new firewall script"
>
> Or as simple and nice as:
>
> #!/bin/sh
> for fw in firewall-1 firewall-2 firewall-3; do
..or:" for fw in firewall-`seq 1 1 254 `; do " ;-)
> fwb_ipt -f rulebase.xml $fw
> scp ${fw}.fw root@${fw}:/etc/network/firewall.sh
> ssh ${fw} -l root /etc/network/firewall.sh
> done
>
> This has the advantage of building all rule sets and distributing
> them. I tend to use the same groups for different firewalls. This
> script enables me to recompile and activate all of them at once. I
> really love it that the compiler is executable from the shell.
>
> Re-cheers... :)
>
> Christoph
>
--
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
Reply to: