RE: iptables from cgi script

run a crontab which updates a file... e.g.

#vi /etc/crontab
*/5 * * * * root /sbin/iptables -L -v -n -x > /home/httpd/html/iptablesrules.txt

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

-----Original Message-----
From: Allan Kissack [mailto:lists@xxxxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 03, 2003 5:28 PM
To: George Vieira; netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: iptables from cgi script


>----- Original Message -----
>From: "George Vieira" <georgev@xxxxxxxxxxxxxxxxxxxxxx>
>To: "Allan Kissack" <lists@xxxxxxxxxxxxxxxxxxxxxxx>;
><netfilter@xxxxxxxxxxxxxxxxxxx>
>Sent: Monday, June 02, 2003 10:33 PM
>Subject: RE: iptables from cgi script
>

> No, you're not missing anything.. But I like this idea for the fact that
> someone who wants to maliciously attack your site can also open your
> firewall if the commands can be run by other than root..
>
> Your only (more secure) option is to authenticate the users and allow them
> to write the rules required to a file or a database and get root to read
> these and apply them in a separate process..
>
>
> or just use webmin ;) www.webmin.com
>
> Thanks,
> ____________________________________________
> George Vieira


Thanks George,
I already use webmin for admin, and write the rules via a command line.
What I am looking for is a cgi script that displays the results of
/sbin/iptables -L -n -v and allows no other iptables commands.  This web
server is protected from the outside by the iptables and is for convenient
monitoring internally (i.e. I don't need to go to a command line).  Do you know
of a way I can allow this?  The script works except for the "can't
initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded." security issue.

--
Allan
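The split George suggests (root's cron job writes the listing to a file, the web server only ever reads it) is what removes both Allan's "you must be root" error and the risk of a web process issuing iptables commands. Below is an added example, not code from the thread: the snapshot path is the one from George's crontab line, while the script name, the `dump` mode, the atomic temp-file rename and the `MAX_AGE` staleness check are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the netfilter thread). Two roles in one file:
#   root's crontab:   */5 * * * * root /usr/local/sbin/fwstatus dump
#   httpd CGI:        /cgi-bin/fwstatus   (never execs iptables, only reads the file)
# Assumed: script lives at /usr/local/sbin/fwstatus; both paths are hypothetical.

SNAPSHOT="${SNAPSHOT:-/home/httpd/html/iptablesrules.txt}"   # path from the thread
MAX_AGE="${MAX_AGE:-600}"   # seconds; cron runs every 5 min, so >10 min means it stopped

# Root side: write to a temp file and rename, so a reader never sees a half-written
# listing, and drop the temp file instead of publishing an error message as "rules".
dump_rules() {
    out="$1"
    tmp="$out.tmp.$$"
    if /sbin/iptables -L -v -n -x > "$tmp" 2>&1; then
        chmod 0644 "$tmp" && mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Age of a file in seconds (GNU stat first, BSD stat as fallback).
snapshot_age() {
    now=$(date +%s)
    mtime=$(stat -c %Y "$1" 2>/dev/null) || mtime=$(stat -f %m "$1" 2>/dev/null) || return 1
    echo $((now - mtime))
}

# Web side: emit a CGI response with the snapshot as text/plain, so nothing in a
# rule (e.g. a comment match) is ever interpreted as HTML by the browser.
render_snapshot() {
    file="$1"
    printf 'Content-Type: text/plain\r\n\r\n'
    if [ ! -r "$file" ]; then
        printf 'No snapshot available at %s\n' "$file"
        return 1
    fi
    age=$(snapshot_age "$file")
    if [ "$age" -gt "$MAX_AGE" ]; then
        printf 'WARNING: snapshot is %s seconds old; the cron job may have stopped\n\n' "$age"
    fi
    printf 'Snapshot age: %s seconds\n\n' "$age"
    cat "$file"
}

# Dispatch: "dump" from cron as root; a CGI request (GATEWAY_INTERFACE is set by httpd)
# only renders the file. Sourcing the file with neither does nothing.
if [ "${1:-}" = dump ]; then
    dump_rules "$SNAPSHOT"
elif [ -n "${GATEWAY_INTERFACE:-}" ]; then
    render_snapshot "$SNAPSHOT"
fi
```

The CGI needs no special privilege beyond read access to the snapshot, and the web user never gets an execution path to /sbin/iptables.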
