I am using fail2ban on a server in the LAN to block connections from
suspicious servers. That works very well.
Now I want to block those IP addresses already at the (otherwise
forwarding) gateway, i.e., I am looking for a method to synchronize
the iptables rulesets or, better, to synchronize fail2ban. No, some HA
solutions like ctsync/heartbeat might be too mighty ... I just want to
do something like
iptables -L | grep fail2ban | grep DROP
on the host in the LAN, take the IP addresses that should be blocked and
transfer them via rsync to the gateway and append the rules there.
Using iptables-save on host 1 with iptables-restore on host 2 will not
work, because the rulesets are far from identical.
Any ideas? My idea is to use the transferred IP addresses from host 1
in a little shell script on host 2, but that would be a
very, very complicated and ugly script:
- it would have to be transferred continuously, every minute via cron
- it would have to take care of the IP addresses that fail2ban has
released after the block time.
Maybe there is a tool out there in open-source land to fit my
needs ... ?
That would be great; otherwise, all help would be appreciated.
Thanks and greetings
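As an added example (not part of the original post and not fail2ban's own code), here is one way to script the sync described above in POSIX sh. Host 1 exports the addresses fail2ban currently bans; the gateway keeps them in a chain of its own and reconciles that chain against the exported list on every run, so addresses fail2ban has released are removed again without any extra bookkeeping. Everything about the deployment is assumed: the chain name f2b-sync, the file name banned.txt, an rsync-over-ssh path between the hosts, and hooking the chain into FORWARD on the gateway. The parser walks `iptables -L -n` chain by chain instead of grepping for the string "fail2ban", because fail2ban keeps its ban rules in chains named f2b-<jail> (fail2ban-<jail> on older releases) and those rules are REJECT rules by default, not DROP. The sample listing in the block is constructed for the test.

```shell
#!/bin/sh
# f2b-sync: mirror fail2ban's current bans from a LAN host to the gateway.
# Assumed deployment (not from the original post):
#   host 1, every minute via cron:
#     iptables -L -n | f2b_banned_ips > /var/lib/f2b-sync/banned.txt \
#       && rsync -a /var/lib/f2b-sync/banned.txt gateway:/var/lib/f2b-sync/
#   gateway, every minute via cron:
#     f2b_sync /var/lib/f2b-sync/banned.txt
# IPv4 only; fail2ban's ip6tables chains would need the same treatment.

export LC_ALL=C                       # sort and comm must agree on collation
SYNC_CHAIN="${SYNC_CHAIN:-f2b-sync}"  # assumed name for the gateway's own chain

# Keep only well-formed IPv4 addresses (optionally with /prefix). Every line
# that passes ends up inside an iptables command, so junk must never get through.
only_ipv4() {
    awk '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/'
}

# Parse `iptables -L -n` (stdin) and print the source addresses that fail2ban
# currently bans, one per line, sorted and unique. Only rules inside chains
# named f2b-* or fail2ban-* count; DROP rules elsewhere in the ruleset are
# not fail2ban's and stay local. Column 4 of the listing is the source.
f2b_banned_ips() {
    awk '
        /^Chain / { in_f2b = ($2 ~ /^(f2b|fail2ban)-/) }
        in_f2b && ($1 == "DROP" || $1 == "REJECT") { print $4 }
    ' | only_ipv4 | sort -u
}

# Addresses currently present in the gateway's sync chain (empty if absent).
gateway_current_ips() {
    iptables -L "$SYNC_CHAIN" -n 2>/dev/null | awk '$1 == "DROP" { print $4 }' | sort -u
}

# Given two sorted files (wanted, current), print the iptables commands that
# turn "current" into "wanted": -I for new bans, -D for bans fail2ban released.
# Printing a plan instead of applying it keeps this testable and auditable.
plan_sync() {
    wanted="$1"; current="$2"
    comm -23 "$wanted" "$current" | while read -r ip; do
        printf 'iptables -I %s -s %s -j DROP\n' "$SYNC_CHAIN" "$ip"
    done
    comm -13 "$wanted" "$current" | while read -r ip; do
        printf 'iptables -D %s -s %s -j DROP\n' "$SYNC_CHAIN" "$ip"
    done
}

# Gateway side: reconcile the sync chain with the rsynced file.
f2b_sync() {
    banned_file="$1"
    wanted=$(mktemp) || return 1
    current=$(mktemp) || return 1
    # The file came over the network; re-validate it here, do not trust host 1.
    only_ipv4 < "$banned_file" | sort -u > "$wanted"
    iptables -N "$SYNC_CHAIN" 2>/dev/null || true      # create the chain once
    iptables -C FORWARD -j "$SYNC_CHAIN" 2>/dev/null \
        || iptables -I FORWARD -j "$SYNC_CHAIN"          # hook it into FORWARD once
    gateway_current_ips > "$current"
    plan_sync "$wanted" "$current" | sh
    rm -f "$wanted" "$current"
}

# Constructed sample of `iptables -L -n` output on host 1 (not captured from a
# real system). Note the REJECT ban, and the DROP in INPUT that must be ignored.
SAMPLE_LISTING=$(cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-sshd   tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
DROP       all  --  192.0.2.1            0.0.0.0/0

Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  203.0.113.5          0.0.0.0/0            reject-with icmp-port-unreachable
DROP       all  --  198.51.100.7         0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
)
```

Because the gateway only ever adds and deletes rules in its own chain, the rest of its ruleset is untouched, and the reconcile step is a plain set difference: whatever is missing from the newest banned.txt (because fail2ban's bantime expired) gets a matching `-D`. If the gateway itself exposes services, insert the same `-j f2b-sync` jump into INPUT; for very long ban lists an ipset set referenced from one rule scales better than one rule per address, but the reconcile logic stays the same.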