Hi, Jon...
On Fri, Sep 05, 2003 at 09:41:20AM +1000, Jonathan Oxer wrote:
> If you've got key-based SSH authentication from your machine to your
> firewall box, a distribution script can be as trivial as:
>
> #!/bin/sh
> afile=firewall1.fw
> scp $afile [EMAIL PROTECTED]:/etc/firewall/
> echo "SCPd $afile to firewall1"
> ssh [EMAIL PROTECTED] /etc/firewall/firewall1.fw
> echo "Executed new firewall script"
Or as simple and nice as:
#!/bin/sh
for fw in firewall-1 firewall-2 firewall-3; do
fwb_ipt -f rulebase.xml $fw
scp ${fw}.fw [EMAIL PROTECTED]:/etc/network/firewall.sh
ssh ${fw} -l root /etc/network/firewall.sh
done
This has the advantage of building all rule sets and distributing them.
I tend to use the same groups for different firewalls. This script
enables me to recompile and activate all of them at once. I really love
it that the compiler is executable from the shell.
Re-cheers... :)
Christoph
--
~
~
".signature" [Modified] 3 lines --100%-- 3,41 All
