A web-, API- and CLI-based system for managing lists of IP addresses for whitelisting and blacklisting on Debian firewalls.
Methods for keeping firewalls in sync with the latest changes to the lists (possibly a server/agent architecture).
- Manage, update and sync via agent:
  - push simple "ip route" updates
  - push simple "ip rule" updates
  - push simple "ip sets" updates (for iptables)
  - push simple "bash" commands
[Server]
Management Interface
- Simple UI for managing "lists of things", and selecting from predefined "what to do with the lists".
- Scalable, optionally redundant, DB backend (from sqlite to postgres cluster)
- MessageQueue (RabbitMQ, or similar)
[Client]
Agent/slave daemon for running on a Linux host
- Read from MessageQueue
  - IP Tables
  - IP Rules
  - IP Routes
  - Shell Cmds
- Write to MessageQueue
  - Status (last update/sync)
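
One way the agent could turn a queue message into an ipset, "ip route" or "ip rule" command, shown as an added example that is not code from this project. The JSON message schema, the names `build_argv` and `RejectedMessage`, the blackhole route form and the table-id range are all assumptions; the function only builds an argv list and anything outside the three structured kinds is rejected.

```python
import ipaddress
import json
import re

# Hypothetical message schema (not defined by the project):
#   {"kind": "ipset"|"route"|"rule", "action": "add"|"del",
#    "cidr": "<address or prefix>", "target": "<set name or table id>"}
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,31}")  # conservative set-name pattern (assumption)
ACTIONS = {"add", "del"}


class RejectedMessage(ValueError):
    """Raised when a queue message must not be turned into a command."""


def build_argv(raw: bytes) -> list[str]:
    """Validate one queue message and return an argv list (never a shell string)."""
    try:
        msg = json.loads(raw)
    except ValueError as exc:  # covers bad JSON and bad UTF-8
        raise RejectedMessage("not valid JSON") from exc
    if not isinstance(msg, dict):
        raise RejectedMessage("message must be a JSON object")
    kind, action = msg.get("kind"), msg.get("action")
    if action not in ACTIONS:
        raise RejectedMessage(f"action not allowed: {action!r}")
    try:
        # strict=False accepts a bare address and masks off any host bits
        net = ipaddress.ip_network(str(msg.get("cidr")), strict=False)
    except ValueError as exc:
        raise RejectedMessage("cidr is not an IP address or prefix") from exc
    fam = "-6" if net.version == 6 else "-4"
    if kind == "ipset":
        name = str(msg.get("target", ""))
        if not NAME_RE.fullmatch(name):
            raise RejectedMessage("bad set name")
        return ["ipset", action, name, str(net)]
    if kind == "route":
        return ["ip", fam, "route", action, "blackhole", str(net)]
    if kind == "rule":
        table = msg.get("target")
        # 1..252 keeps clear of the reserved default/main/local tables (assumption)
        if isinstance(table, bool) or not isinstance(table, int) or not 1 <= table <= 252:
            raise RejectedMessage("bad table id")
        return ["ip", fam, "rule", action, "from", str(net), "table", str(table)]
    raise RejectedMessage(f"kind not allowed: {kind!r}")
```

The returned list is meant to be passed to `subprocess.run(argv, check=True)` without `shell=True`, so no field of the message is ever interpreted by a shell.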