[TriLUG] Ideas about centralized management iptables via SNMP traps

Jon Carnes jonc at nc.rr.com
Wed Mar 20 11:59:22 EST 2002


>
> 3. If I fat finger a rule and lock out remote admin, what do I do?  I
> thought Compaq's lights-out card would solve this.

We have a base set of rules that are not allowed to be modified remotely.
That helps with the fat-finger phenomenon.

>
> 4. Will need to get a loadbalancer for firewalls that keeps state and
> hopefully does not require any network topology changes.

We're using LVS (Linux Virtual Server project) for this, and it works great.
Users are directed to the same firewall/server as long as their requests
come more than once every 10 minutes.  The table flushes any entries older
than 10 minutes (this is configurable).  Also if a firewall/server goes
down, then that machine is taken out of the rotation, and requests are
redirected to a different machine.

> Side motivation. More and more I see the need to collect and correlate
> data. To this end I am going to try to build Oracle
> database on my server at home. Once built, I plan on mucking around with
> populating the database with nmap output.

I suggest that you don't use Oracle.  Instead use Postgres or one of the
Open Source databases.  You'll be much happier in the long run.

Jon
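The approach Jon describes above, a locally owned base ruleset that remote updates may not touch, as an added example in POSIX sh (not code from the thread or from TriLUG): remote updates may only flush or append to a separate chain, and they are applied with a timed rollback so a fat-fingered update cannot lock out the remote admin. The chain names, file paths and timeout are assumptions.

```shell
#!/bin/sh
# Added example, not from the TriLUG thread. Assumptions: the locally managed
# rules live in chain BASE (loopback, established traffic, admin access), the
# INPUT chain jumps to BASE first and then to REMOTE, and remote updates arrive
# as an iptables-save style file that may only touch REMOTE.
BASE_CHAIN="BASE"
REMOTE_CHAIN="REMOTE"
BACKUP="/var/run/fw-backup.rules"     # assumed path
REVERT_PID="/var/run/fw-revert.pid"   # assumed path

# Exit 0 only if the proposed file never mentions the protected chain and
# every rule line is restricted to flushing or appending to REMOTE_CHAIN.
validate_remote_rules() {
    rules="$1"
    if grep -Eq -- "(^|[^[:alnum:]_])$BASE_CHAIN([^[:alnum:]_]|$)" "$rules"; then
        return 1
    fi
    # Drop comments and blank lines, then reject any line outside the allowed forms.
    if grep -Ev '^(#|[[:space:]]*$)' "$rules" \
        | grep -Evq -- "^(\*filter|:$REMOTE_CHAIN - \[[0-9]+:[0-9]+\]|-F $REMOTE_CHAIN|-A $REMOTE_CHAIN .+|COMMIT)$"; then
        return 1
    fi
    return 0
}

# Apply a validated update on top of the running rules, with a timed revert
# that the remote admin must cancel (confirm_rules) while still logged in.
apply_with_rollback() {
    rules="$1"
    timeout="${2:-120}"
    validate_remote_rules "$rules" || { echo "rejected: update touches protected rules" >&2; return 1; }
    iptables-save > "$BACKUP" || return 1
    ( sleep "$timeout" && iptables-restore < "$BACKUP" ) &
    echo $! > "$REVERT_PID"
    # --noflush keeps BASE and INPUT intact; only the lines in the file are executed.
    iptables-restore --noflush < "$rules"
}

# Called once the admin has verified the new rules still let them in.
confirm_rules() {
    [ -f "$REVERT_PID" ] || return 1
    kill "$(cat "$REVERT_PID")" 2>/dev/null
    rm -f "$REVERT_PID"
}
```

Run as root with `apply_with_rollback update.rules 120`, then `confirm_rules` from the same session once you have verified you can still reach the box.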
