cfengine is a tool for centralised administration of any number of hosts. iptables is the Linux firewall management tool (netfilter is the code inside the Linux kernel, iptables is the command line tool).

( Here are some random articles about handling iptables in a cfengine world )