Mass editing firewall on Rackspace Cloud.

A lot of our customers in Rackspace cloud has been asking how to mass edit firewalls of servers when you have multiple servers without doing it manually.

Part of my cloudservers-api-demo I have written a simple firewall scripts abstracting the Operating System firewall software to allow/enable/disable the firewall and ports/networks.

The script has been kept very simple by design and currently allow only to :

  • enable the firewall

  • disable the firewall

  • allow or disallow a port or a network

  • see firewall status


  • A management server under Ubuntu maverick.

  • A supported Operating System for clients which includes :

  • Debian.

  • Ubuntu.

  • RHEL.

  • Fedora

  • My patched python-cloudservers library (see below for installs).

  • Your SSH key installed on all VM for root users.


  • After you have kicked a VM with a Ubuntu maverick and connected to it as root you want first execute intall some prereq packages :

apt-get update && apt-get -y install python-stdeb git

checkout my python-cloudservers library :

git clone git://

after being checked-out you will go into the python-cloudservers directory which has just been created and do this :

cd python-cloudservers/
python install

this should automatically install all the dependences.

Now you can install my api-demo which include the firewall script :

cd ../
git clone git://

You need to configure some environemnt variable first which keep information about your rackspace account.

edit your ~/.bashrc (or /etc/environement if you want to make it global) and configure those variable :

export UK_RCLOUD_AURL=""

or for the US you would have :

export UK_RCLOUD_AURL=""

source the ~/.bashrc or relog into your account to have those accounts set-up you can test it to see if that works by going to :


and launch the command :


to test if this is working properly (it should list your servers for your DATACENTER)

you are now basically ready to mass update firewall on all servers.

Let’s say you have two web servers named web1 and web2 and two db servers named db1 and db2 and you would like to allow the 80 port on the web servers and 3306 port on the db servers.

You would have to go to this directory :


and first execute this command to see the help/usages :

./ --help

so let’s say to enable the firewall on all the web and db server first you can do :

./ -s "web db" enable

it will connect and enable the firewall on all the servers which match the name web and db.

now let’s say we want to enable port 80 on the web :

./ -s "web" allow port 80

if you log into the servers you can check with

iptables -L -n

that it it has been enabled properly.

This is simple enough for you to modify the script to your liking to make it more modular for your specific environement.

One thought on “Mass editing firewall on Rackspace Cloud.”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.