No your not missing anything.. But I like this idea for the fact that someone who wants to maliciously attack your site and also open your firewall if the commands can be run by other than root.. Your only (more secure) option is to authenticate the users and allow them to write the rules required to a file or a database and get root to read these and apply them in a seperate process.. or just use webmin ;) www.webmin.com Thanks, ____________________________________________ George Vieira Systems Manager georgev@xxxxxxxxxxxxxxxxxxxxxx Citadel Computer Systems Pty Ltd http://www.citadelcomputer.com.au Phone : +61 2 9955 2644 HelpDesk: +61 2 9955 2698 -----Original Message----- From: Allan Kissack [mailto:lists@xxxxxxxxxxxxxxxxxxxxxxx] Sent: Monday, June 02, 2003 5:35 PM To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: iptables from cgi script I used to be able to list my rules via a cgi script but since moving to redhat 9 (iptables 1.2.7a) it fails. The reson given is "can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded." which is absolutley accurate (because I get this logging in as a local user and running /sbin/iptables -L too) - but I need to know how to achieve this. I tried altering the group on /sbin and /sbin/iptables and adding my local user to that, but still it fails. Am I missing something really obvious? Either way, your assistance/advice is welcome. Thanks -- Allan
