>----- Original Message ----- >From: "George Vieira" <georgev@xxxxxxxxxxxxxxxxxxxxxx> >To: "Allan Kissack" <lists@xxxxxxxxxxxxxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx> >Sent: Monday, June 02, 2003 10:33 PM >Subject: RE: iptables from cgi script > > No your not missing anything.. But I like this idea for the fact that someone who wants to maliciously attack your site and also open your firewall if the commands can be run by other than root.. > > Your only (more secure) option is to authenticate the users and allow them to write the rules required to a file or a database and get root to read these and apply them in a seperate process.. > > > or just use webmin ;) www.webmin.com > > Thanks, > ____________________________________________ > George Vieira Thanks George, I already use webmin for admin, and write the rules via a command line. What I am looking for is a cgi script that displays the results of /sbin/iptables -L -n -v and allows no other iptables commands. This web server is protected from the outside by the iptables and is for convenient monitoring internally (ie dont need to go to a command line). Do you knwo of a way I can allow this? The script works except for the "can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded." security issue -- Allan
