RE: iptables from cgi script

No, you're not missing anything.. But I like this idea for the fact that someone who wants to maliciously attack your site and also open your firewall if the commands can be run by other than root..

Your only (more secure) option is to authenticate the users and allow them to write the rules required to a file or a database and get root to read these and apply them in a separate process..


or just use webmin ;) www.webmin.com

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698
 

-----Original Message-----
From: Allan Kissack [mailto:lists@xxxxxxxxxxxxxxxxxxxxxxx]
Sent: Monday, June 02, 2003 5:35 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: iptables from cgi script


I used to be able to list my rules via a cgi script but since moving to
redhat 9 (iptables 1.2.7a) it fails. The reason given is "can't initialize
iptables table `filter': Permission denied (you must be root) Perhaps
iptables or your kernel needs to be upgraded." which is absolutely accurate
(because I get this logging in as a local user and running /sbin/iptables -L
too) - but I need to know how to achieve this.
I tried altering the group on /sbin and /sbin/iptables and adding my local
user to that, but still it fails.

Am I missing something really obvious?  Either way, your assistance/advice
is welcome.

Thanks

--
Allan
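
The split described in the reply above (the web side only records requests; a separate root process reads and applies them), sketched as an added example that is not part of either message. The request-line format `ACTION PROTO SOURCE PORT`, the `INPUT` chain and the /16 limit are assumptions made for illustration.

```python
import ipaddress
import subprocess

IPTABLES = "/sbin/iptables"          # path as given in the thread
TARGETS = {"allow": "ACCEPT", "deny": "DROP"}
PROTOCOLS = {"tcp", "udp"}
MIN_PREFIX = 16                      # assumed policy: nothing broader than a /16


def build_argv(line):
    """Turn one request line into an iptables argv list, or raise ValueError."""
    fields = line.split()
    if len(fields) != 4:
        raise ValueError("expected: ACTION PROTO SOURCE PORT")
    action, proto, source, port = fields
    if action not in TARGETS:
        raise ValueError("unknown action")
    if proto not in PROTOCOLS:
        raise ValueError("unknown protocol")
    net = ipaddress.IPv4Network(source)      # raises ValueError unless IPv4 CIDR
    if net.prefixlen < MIN_PREFIX:
        raise ValueError("source network too broad")
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError("bad port")
    # Every element comes from a fixed set or a re-serialised parsed value.
    return [IPTABLES, "-A", "INPUT", "-p", proto, "-s", str(net),
            "--dport", str(int(port)), "-j", TARGETS[action]]


def process(lines):
    """Split requests into accepted argv lists and (line, reason) rejections."""
    accepted, rejected = [], []
    for line in lines:
        try:
            accepted.append(build_argv(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return accepted, rejected


def apply(commands):
    """Run as root only: execute each argv directly, never through a shell."""
    for argv in commands:
        subprocess.run(argv, check=True)


# Constructed sample of what the CGI side might have queued.
SAMPLE = ["allow tcp 192.0.2.10 22", "deny udp 198.51.100.0/24 53",
          "allow tcp 0.0.0.0/0 22", "allow icmp 192.0.2.10 22"]
```

The CGI script never needs root here: it appends lines to a queue only it can write, and the root job calls `process()` on that queue, logs the rejections and passes the accepted list to `apply()`.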






