hi,


I am using fail2ban on a server in the LAN to block connections from
suspicious servers. That works very well.

Now I want to block those IP addresses already at the (otherwise
forwarding) gateway. I.e., I am looking for a method to synchronize
the iptables rulesets or, better, to synchronize fail2ban. No, some HA
solutions like ctsync/heartbeat might be too mighty ... I just want to
do something like

iptables -L | grep fail2ban | grep DROP

on the host in the LAN, take the IP addresses that should be blocked,
transfer them via rsync to the gateway and append the rules there to
iptables.

iptables-save on host 1 with iptables-restore on host 2 will not work,
because the rulesets are far from being identical.

Any ideas? My idea is to use the transferred IP addresses from host 1
in a little shell script on host 2, but that would be a
very, very complicated and ugly script:

- they would have to be transferred continuously, every minute via cron
or so
- it would have to take care of the IP addresses that fail2ban has
released after the block time.

Maybe there is a tool out there in open-source land that fits my
needs ... ?


That would be great; otherwise, all help would be appreciated.



Thanks and greetings


lasseboo
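Added example (not part of the post above, and not fail2ban's own code): the
two halves of what lasseboo describes, in POSIX sh. On host 1 it pulls the
banned source addresses out of `iptables -S` (parseable, unlike `iptables -L`),
matching both the old `fail2ban-<jail>` chains with DROP and the newer
`f2b-<jail>` chains with REJECT. On the gateway it reconciles a dedicated
chain against the transferred list, emitting one `-A` per newly banned address
and one `-D` per address fail2ban has released, so the unban case is handled
instead of the chain growing forever. The chain name `f2b-sync`, the sample
rule listings and the function names are assumptions made for the example; the
sample output is constructed, and the script only prints the iptables commands
rather than running them.

```shell
#!/bin/sh
# Added example, not from the original post. Extract fail2ban's banned
# addresses on host 1 and reconcile a dedicated gateway chain against them.
# F2B_SYNC_CHAIN and the sample listings are assumptions for this example.

export LC_ALL=C            # sort and comm must agree on collation
F2B_SYNC_CHAIN="f2b-sync"  # assumed gateway chain, hooked into FORWARD

# Constructed `iptables -S` output as it might look on host 1. fail2ban 0.8
# used fail2ban-<jail> chains with DROP; 0.9+ uses f2b-<jail> with REJECT.
SAMPLE_HOST1_RULES='-P INPUT ACCEPT
-N fail2ban-ssh
-N f2b-apache
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache
-A fail2ban-ssh -s 192.0.2.10/32 -j DROP
-A fail2ban-ssh -s 198.51.100.7/32 -j DROP
-A f2b-apache -s 203.0.113.5/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-ssh -j RETURN
-A f2b-apache -j RETURN'

# Constructed `iptables -S f2b-sync` output on the gateway before a sync:
# 198.51.100.7 is still banned, 192.0.2.99 was released on host 1 meanwhile.
SAMPLE_GATEWAY_CHAIN='-N f2b-sync
-A f2b-sync -s 198.51.100.7/32 -j DROP
-A f2b-sync -s 192.0.2.99/32 -j DROP'

# Print the source addresses fail2ban currently blocks, one per line, from
# `iptables -S` output on stdin. Only -A rules in fail2ban-*/f2b-* chains
# with a DROP or REJECT target count; the /32 suffix is stripped.
extract_banned() {
    awk '$1 == "-A" && $2 ~ /^(fail2ban|f2b)-/ {
             blocks = 0
             for (i = 1; i <= NF; i++)
                 if ($i == "-j" && ($(i+1) == "DROP" || $(i+1) == "REJECT")) blocks = 1
             if (!blocks) next
             for (i = 1; i <= NF; i++)
                 if ($i == "-s") { sub(/\/32$/, "", $(i+1)); print $(i+1) }
         }' | sort -u
}

# Print the addresses the chain named in $1 currently matches, from
# `iptables -S <chain>` output on stdin.
chain_addresses() {
    awk -v chain="$1" '$1 == "-A" && $2 == chain {
             for (i = 1; i <= NF; i++)
                 if ($i == "-s") { sub(/\/32$/, "", $(i+1)); print $(i+1) }
         }' | sort -u
}

# $1: file with the desired (transferred) addresses, $2: file with the
# addresses currently in the gateway chain; both sorted. Prints the iptables
# commands that make the chain match: add what is new, delete what fail2ban
# has released. Nothing is executed here.
sync_commands() {
    comm -23 "$1" "$2" | while read -r ip; do
        printf 'iptables -A %s -s %s -j DROP\n' "$F2B_SYNC_CHAIN" "$ip"
    done
    comm -13 "$1" "$2" | while read -r ip; do
        printf 'iptables -D %s -s %s -j DROP\n' "$F2B_SYNC_CHAIN" "$ip"
    done
}

# Dry run over the constructed samples. On real hosts, feed `iptables -S`
# (host 1) and `iptables -S "$F2B_SYNC_CHAIN"` (gateway) instead, and pipe
# the printed commands to sh.
demo() {
    tmpdir=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_HOST1_RULES" | extract_banned > "$tmpdir/desired"
    printf '%s\n' "$SAMPLE_GATEWAY_CHAIN" | chain_addresses "$F2B_SYNC_CHAIN" > "$tmpdir/current"
    sync_commands "$tmpdir/desired" "$tmpdir/current"
    rm -rf "$tmpdir"
}
```

Two practical notes on this shape of solution: the gateway chain has to be
created once and referenced from FORWARD (`iptables -N f2b-sync` and
`iptables -I FORWARD -j f2b-sync`), and the cron-driven polling can be
avoided altogether by using fail2ban's own per-ban hooks: every action in
action.d has `actionban` and `actionunban` commands, so host 1 can run the
`-A`/`-D` on the gateway over ssh at the moment of the ban instead of the
gateway re-deriving the list every minute.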