I'm running 2 cPanel servers with ConfigServer Security & Firewall
plugin. One of the functions of the plugin is to block via iptables (temporarily and/or permanently) IPs which fail various authentications (POP3/IMAP, SMTP, FTP, webmail, mod_security and such).
Now, i'd like to push those IP blocks to the border router to drop packets as soon as possible (and doing so protecting the other machines on the network).
Keep in mind that after N failed logins IP is blocked for 5 minutes, then re-allowed. If multiple bans occours in an hour IP is blocked permanently and should be unlocked "by hand". So I need a near realtime solution.
What I'm looking for is a better way than firing some cronjobs both on cPanels and border router to:
- dump the rules to file
- transfer the file to border router (via scp/sftp)
- load the rules from the file in the border router
I'm aware that I will need some scripts to parse and modify the rules as cPanels have one ethernet interface and some aliases while border router has two ehternet interfaces and some loopbacks.
All machines involved use Linux.
EDIT as per @pjmorse comment.
The plugin consists of a bunch of perl and config files. The part I'm intrested in is a process which scans logfiles (lfd
) and installs iptables
rules (and sends an alert email). Fact is, it upgrades quite often (one or two times a week) and itself is >7000 lines of perl so I'm not comfortable on tampering with it.