Re: iptables from cgi script

>----- Original Message -----
>From: "George Vieira" <georgev@xxxxxxxxxxxxxxxxxxxxxx>
>To: "Allan Kissack" <lists@xxxxxxxxxxxxxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx>
>Sent: Monday, June 02, 2003 10:33 PM
>Subject: RE: iptables from cgi script
>

> No, you're not missing anything.. But I like this idea for the fact that
> someone who wants to maliciously attack your site and also open your
> firewall if the commands can be run by other than root..
>
> Your only (more secure) option is to authenticate the users and allow them
> to write the rules required to a file or a database and get root to read
> these and apply them in a separate process..
>
>
> or just use webmin ;) www.webmin.com
>
> Thanks,
> ____________________________________________
> George Vieira


Thanks George,
I already use webmin for admin, and write the rules via a command line.
What I am looking for is a cgi script that displays the results of
/sbin/iptables -L -n -v and allows no other iptables commands.  This web
server is protected from the outside by the iptables and is for convenient
monitoring internally (i.e. don't need to go to a command line).  Do you know
of a way I can allow this?  The script works except for the "can't
initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded."  security issue

--
Allan
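
The separate-root-process approach George describes, applied to the read-only listing Allan asks for, as an added example that is not part of the original thread: a root cron job writes the output of `/sbin/iptables -L -n -v` to a snapshot file, and the CGI script only displays that file, so the web server user never runs iptables. The snapshot path, the one-minute schedule and the function names are assumptions.

```shell
#!/bin/sh
# CGI side of a read-only firewall status page. Runs as the unprivileged
# web server user and never executes iptables itself.
#
# Root side (assumed entry in root's crontab, written on one line):
#   * * * * * /sbin/iptables -L -n -v > /var/run/iptables-status.tmp
#             && mv /var/run/iptables-status.tmp /var/run/iptables-status.txt
# Writing to a temp file and renaming means the CGI never sees a
# half-written listing. /var/run is writable by root only.

SNAPSHOT="${SNAPSHOT:-/var/run/iptables-status.txt}"   # assumed path

# Escape HTML metacharacters so text from rules (e.g. LOG prefixes)
# is displayed literally instead of being interpreted by the browser.
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# $1 = snapshot file. No request input (QUERY_STRING, POST body) is read,
# so nothing a client sends can influence what is executed or displayed.
render_page() {
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<html><body><h1>iptables -L -n -v</h1>\n'
    if [ -f "$1" ] && [ -r "$1" ] && [ ! -L "$1" ]; then
        printf '<pre>\n'
        html_escape < "$1"
        printf '</pre>\n'
    else
        printf '<p>No snapshot available.</p>\n'
    fi
    printf '</body></html>\n'
}

# Only emit the page when invoked by a web server (CGI sets this variable).
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    render_page "$SNAPSHOT"
fi
```

The page can be up to one cron interval old, and the web server user needs only read access to the snapshot file.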