Transfer iptables rules to another server (almost) real time

Posted by MrShunz on Server Fault
Published on 2012-03-29T07:23:11Z

I'm running 2 cPanel servers with ConfigServer Security & Firewall plugin. One of the functions of the plugin is to block via iptables (temporarily and/or permanently) IPs which fail various authentications (POP3/IMAP, SMTP, FTP, webmail, mod_security and such).

Now, I'd like to push those IP blocks to the border router to drop packets as soon as possible (and doing so protect the other machines on the network).

Keep in mind that after N failed logins the IP is blocked for 5 minutes, then re-allowed. If multiple bans occur in an hour, the IP is blocked permanently and should be unlocked "by hand". So I need a near-realtime solution.

What I'm looking for is a better way than firing some cronjobs both on cPanels and border router to:

  • dump the rules to file
  • transfer the file to border router (via scp/sftp)
  • load the rules from the file in the border router

I'm aware that I will need some scripts to parse and modify the rules, as the cPanels have one ethernet interface and some aliases while the border router has two ethernet interfaces and some loopbacks.

All machines involved use Linux.

EDIT as per @pjmorse comment.

The plugin consists of a bunch of perl and config files. The part I'm interested in is a process which scans logfiles (lfd) and installs iptables rules (and sends an alert email). Fact is, it upgrades quite often (one or two times a week) and itself is >7000 lines of perl, so I'm not comfortable tampering with it.
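The "parse and modify the rules" step from the question, as an added example that is not part of the original post and not code from the CSF/lfd plugin: it reads an `iptables-save` dump from a cPanel host, keeps only the single-host DROP rules that a log-scanner ban produces, rejects anything that does not look like an IPv4 address or CIDR, and rewrites the survivors for the router's own chain and ingress interface. The dump text, the interface names `eth0`/`eth1`, the chain names `DENYIN` and `LFD_BLOCK`, and the addresses (taken from documentation ranges) are all constructed for the example.

```shell
#!/bin/sh
# Added example: translate host-side iptables bans into router-side rules.
# Constructed iptables-save output as a cPanel host might produce it
# (chain name DENYIN and addresses are illustrative, not captured data).
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:DENYIN - [0:0]
-A INPUT ! -i lo -j DENYIN
-A DENYIN -s 198.51.100.23/32 -i eth0 -j DROP
-A DENYIN -s 203.0.113.77/32 -i eth0 -j DROP
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
COMMIT'

# extract_blocked_ips DUMP
# Prints the -s argument of every rule whose target is DROP, one per line.
# Interface and other per-host options are deliberately ignored here; only
# the banned address matters on the router.
extract_blocked_ips() {
    printf '%s\n' "$1" | awk '
        /^-A / && / -j DROP( |$)/ {
            for (i = 1; i <= NF; i++) if ($i == "-s") { print $(i + 1); break }
        }'
}

# is_ipv4_cidr ADDR
# Loose sanity check: four dotted decimal octets with an optional /prefix.
# It keeps a corrupted or tampered dump from injecting arbitrary rule text.
is_ipv4_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# build_router_rules DUMP ROUTER_IFACE CHAIN
# Emits one "-A CHAIN -i ROUTER_IFACE -s ADDR -j DROP" line per valid ban.
# ROUTER_IFACE (e.g. eth1) and CHAIN (e.g. LFD_BLOCK) are the router's own
# names and are assumptions of this example.
build_router_rules() {
    dump=$1; iface=$2; chain=$3
    extract_blocked_ips "$dump" | while IFS= read -r ip; do
        if ! is_ipv4_cidr "$ip"; then
            printf 'skipping malformed address: %s\n' "$ip" >&2
            continue
        fi
        printf '%s -i %s -s %s -j DROP\n' "-A $chain" "$iface" "$ip"
    done
}

# build_router_restore DUMP ROUTER_IFACE CHAIN
# Wraps the rules in a minimal iptables-restore fragment for the filter table.
build_router_restore() {
    printf '*filter\n:%s - [0:0]\n' "$3"
    build_router_rules "$1" "$2" "$3"
    printf 'COMMIT\n'
}

# Stand-alone run: show the fragment the router would load.
build_router_restore "$SAMPLE_DUMP" eth1 LFD_BLOCK
```

On the router side the fragment is loaded with `iptables-restore --noflush` so that the rest of the ruleset is untouched; flushing the dedicated chain before each load keeps the 5-minute unbans in step with the cPanel hosts, and a rule such as `-A INPUT -i eth1 -j LFD_BLOCK` (added once, by hand) is what actually sends traffic through the chain. Transferring the dump over scp/sftp as the question describes leaves the rewriting in this script rather than in the lfd code, so plugin upgrades do not disturb it.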

© Server Fault or respective owner