A company has a Linux server (S), hosted somewhere and publicly accessible. You need to restrict access to it to only 2 whitelisted IP addresses, 210.212.85.155 and X, on ports 22, 443 and 80.
X is the IP address of this company's headquarters.
The company's headquarters does not have a static IP; the address keeps changing, which requires staff to manually grant access to the new IP address each time.
- To fetch the IP, an API was created with NodeJS and is hosted at Server-X (it responds to a GET request on the route /getUpdatedIP).
- A Python script makes the GET request to find the current IP, then checks it against the existing one, which is kept as IP data in a variable file (of Ansible).
  - If the last IP does not match the current IP, the script updates the Ansible variable file so that deny-var becomes the previous IP and allow-var becomes the current IP.
  - Finally, it triggers the ansible-playbook.
  - Otherwise, it exits with the message (IP not change).
- To configure the firewall, an Ansible role was created.
  - First, deny traffic from the last IP (read from the variable file) on the respective port numbers.
  - Then allow traffic from the new IP on the respective port numbers.
- The Python script can be triggered in two ways:
  - Automatically, by a scheduled cron job at the configured time, or by a periodic trigger set up in Jenkins (i.e. [Build Trigger](https://github.com/Shashwatsingh22/Dynamically-Firwall-Update/tree/python-script#readme)).
  - Manually, by running the Jenkins job.
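
The Python script step described above, as an added example (not the repository's own code) that also validates the reported address before it can reach a firewall rule. Assumptions: the API returns the IP as a plain-text body, the variable file holds only two flat keys named `allow_ip` and `deny_ip` (standing in for allow-var and deny-var), and the host, file path and playbook name are placeholders.

```python
import ipaddress
import subprocess
import urllib.request

API_URL = "http://server-x.example/getUpdatedIP"  # assumed host; route is from the README
VARS_FILE = "vars/main.yml"                       # assumed path to the role's variable file
PLAYBOOK = "firewall.yml"                         # assumed playbook name


def validate_ip(text):
    """Return the canonical address, or raise ValueError if it must not be whitelisted."""
    ip = ipaddress.ip_address(text.strip())       # rejects CIDR ranges, hostnames, junk
    if not ip.is_global:                          # private, loopback, unspecified, reserved
        raise ValueError(f"refusing non-public address {ip}")
    return str(ip)


def plan_update(reported, vars_text):
    """Return new variable-file text, or None when the IP has not changed."""
    new_ip = validate_ip(reported)
    current = {}
    for line in vars_text.splitlines():           # flat "key: value" lines only (assumption)
        key, sep, value = line.partition(":")
        if sep and not key.lstrip().startswith("#"):
            current[key.strip()] = value.strip().strip("'\"")
    if current.get("allow_ip") == new_ip:
        return None
    # The previously allowed IP becomes the one to deny; the new IP becomes the one to allow.
    return f'allow_ip: "{new_ip}"\ndeny_ip: "{current.get("allow_ip", "")}"\n'


def main():
    with urllib.request.urlopen(API_URL, timeout=10) as resp:
        reported = resp.read(64).decode("ascii", "replace")  # cap the response size
    with open(VARS_FILE) as fh:
        new_text = plan_update(reported, fh.read())
    if new_text is None:
        print("IP not changed")
        return
    with open(VARS_FILE, "w") as fh:
        fh.write(new_text)
    subprocess.run(["ansible-playbook", PLAYBOOK], check=True)  # argument list, no shell


if __name__ == "__main__":
    main()
```

Because the endpoint's answer decides which address gets access to ports 22, 443 and 80, a response such as `0.0.0.0/0` or a private address raises `ValueError` and the variable file is left untouched.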
Complete Architecture Structure
Working