Best practice for managing a whitelist of ips across multiple servers with iptables?

Question

I was wondering what the best practice for managing a whitelist of ip address across multiple servers? We want to allow our user base to add an ip address they want to whitelist through a web interface and then have that ip address added,deleted or modified to all servers.

I was thinking of programming a script to do it via python or bash and login into each server with keyless ssh and apply the rules but surely there must be a better method to achieve this.

Any advice?

Thanks all!

If they are all on the same logical network segment probably a external firewall between them all would be best. — Matthew Ife, Nov 04 '15 at 18:54

score 1 · Answer 1 · answered Nov 04 '15 at 18:54

1

Use a configuration management tool. There are several to choose from.

answered Nov 04 '15 at 18:54

user9517

115,471
20
215
297

Do you have any recommendations a configuration management tool? – John Nguyen Nov 04 '15 at 19:14
1

@JohnNguyen Ansible or Salt are typically the easiest ones to get started with. – EEAA Nov 04 '15 at 20:18

Best practice for managing a whitelist of ips across multiple servers with iptables?

1 Answers1