How to maintain and deploy configurations for CSF firewall for several Ubuntu Linux servers

[spinozarabel]

How to maintain and deploy configurations for CSF firewall for several Ubuntu Linux servers?

Currently I maintain configurations for each server separately on my PC. If and when I make a change or improvement I manually ripple it across all the configurations and upload to my servers. This is error prone and tedious. (A configuration is a set of files such as csf.conf, csf.allow, csf.ignore, csf.pignore, csf.dyndns).

I am thinking of using a private git repository for this purpose. Each server configuration will be a different branch. On any server I will have a repository in my home directory cloning this private git repository. In the /etc/csf directory I will symlink the csf.conf, csf.allow, csf.pignore, csf.dyndns to the files in the repository in my home directory. Now updating a repository is as easy as doing a git pull to the appropriate branch. My questions are: Is this a good way to do this? Are there better recommended ways to do this? Will CSF automatic updates work?

[sl0m0]

If your config is the same across all csf instances, you can activate them as a csf cluster and nominate one as your master (CLUSTER_MASTER and CLUSTER_CONFIG=1). You can then issue the "csf -cf filename" via a script and the "filename" you specify will be sent to all cluster members. Script this and run via a cron and all your cluster members are automatically kept in sync with the config.