Anssi Saari wrote:
> I also need some way of pushing these firewall scripts and other config
> stuff over to the machines too. It's not a huge network but manually
> logging into each machine, overwriting /etc/nftables.conf and restarting
> nftables.service is a pain. cdist looks interesting and simple, does
> anyone have experience with it?

I have been somewhere there 20y ago. There was one tool, cfengine, then came many of the kind: puppet, ansible etc.

Regarding the FW, I have also had a "simple" firewall script, but a few years ago I moved to shorewall.

In any case ssh can populate your script and do the restart easily. However, think about rollback scenarios ;-)

regards
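
The rollback scenario raised in the reply above, as an added example that is not part of the original thread: a host-side function that checks the new ruleset, keeps a backup, reloads, and restores the old file unless the operator confirms in time. The function name `apply_ruleset`, the confirmation file and the three environment variables are assumptions made for this sketch; the config path and service name are the ones from the quoted message.

```shell
#!/bin/sh
# Added example. Runs on the target host after the new file has been copied
# over. Commands are overridable so the logic can be exercised without root.
: "${NFT_CHECK:=nft -c -f}"                           # parse only, loads nothing
: "${NFT_RELOAD:=systemctl restart nftables.service}"
: "${CONFIRM_TIMEOUT:=60}"                            # seconds to wait for the operator

# apply_ruleset NEW TARGET CONFIRM_FILE
#   0 = applied and confirmed
#   1 = rejected before anything was changed
#   2 = rolled back (reload failed or no confirmation arrived)
apply_ruleset() {
    new=$1 target=$2 confirm=$3
    $NFT_CHECK "$new" || return 1            # refuse a ruleset that does not parse
    cp -p "$target" "$target.bak" || return 1   # needs an existing config to fall back to
    rm -f "$confirm"                         # ignore a stale confirmation
    cp "$new" "$target"
    if $NFT_RELOAD; then
        waited=0
        while [ "$waited" -lt "$CONFIRM_TIMEOUT" ]; do
            [ -e "$confirm" ] && return 0    # operator got back in: keep new rules
            sleep 1
            waited=$((waited + 1))
        done
    fi
    # Reload failed, or nobody could log in to confirm: restore the old rules.
    cp -p "$target.bak" "$target"
    $NFT_RELOAD
    return 2
}
```

Run it detached on the host (for example under `nohup`) so a dropped session does not kill the timer, then create the confirmation file from a second, fresh ssh login. If the new rules block ssh, the file never appears and the previous `/etc/nftables.conf` is reloaded.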