run a crontab which updates a file... eg. #vi /etc/crontab */5 * * * * root /sbin/iptables -L -v -n -x > /home/httpd/html/iptablesrules.txt Thanks, ____________________________________________ George Vieira Systems Manager georgev@xxxxxxxxxxxxxxxxxxxxxx Citadel Computer Systems Pty Ltd http://www.citadelcomputer.com.au -----Original Message----- From: Allan Kissack [mailto:lists@xxxxxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, June 03, 2003 5:28 PM To: George Vieira; netfilter@xxxxxxxxxxxxxxxxxxx Subject: Re: iptables from cgi script >----- Original Message ----- >From: "George Vieira" <georgev@xxxxxxxxxxxxxxxxxxxxxx> >To: "Allan Kissack" <lists@xxxxxxxxxxxxxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx> >Sent: Monday, June 02, 2003 10:33 PM >Subject: RE: iptables from cgi script > > No your not missing anything.. But I like this idea for the fact that someone who wants to maliciously attack your site and also open your firewall if the commands can be run by other than root.. > > Your only (more secure) option is to authenticate the users and allow them to write the rules required to a file or a database and get root to read these and apply them in a seperate process.. > > > or just use webmin ;) www.webmin.com > > Thanks, > ____________________________________________ > George Vieira Thanks George, I already use webmin for admin, and write the rules via a command line. What I am looking for is a cgi script that displays the results of /sbin/iptables -L -n -v and allows no other iptables commands. This web server is protected from the outside by the iptables and is for convenient monitoring internally (ie dont need to go to a command line). Do you knwo of a way I can allow this? The script works except for the "can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded." security issue -- Allan
