HACKER Q&A
📣 idlefeature

Best way to keep firewall up to date with changing IP lists?


I'm working on a firewall for our SCIM server. Our SCIM clients are various identity providers (Azure Active Directory, Okta, etc.). We've created IP allow lists based on the lists of IP addresses published by these identity providers, but the lists can and do change.

If we want to stick with an allow list-focused approach, what's the best way to keep our IP lists up to date? Are there notifications out there that we can subscribe to (I'm searching for these)? Is it better to just periodically fetch the lists and update our firewall? Is it better to not rely so heavily on an allow list and instead focus the firewall on something else?

Any help/advice/pointers would be appreciated. I'm new to firewall configuration and maintenance. I'm reaching out to the identity providers, but also want to learn more about best practices. Thanks!


  👤 seanthemon Accepted Answer ✓
The standard way is to periodically fetch and update unless your firewall gives you an API to work with. You could also register static IPs for your server so the whitelisting is one and done.