----- Original Message -----
From: "George Vieira" <georgev@xxxxxxxxxxxxxxxxxxxxxx>
To: "Allan Kissack" <lists@xxxxxxxxxxxxxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Monday, June 02, 2003 10:33 PM
Subject: RE: iptables from cgi script

> No you're not missing anything.. But I like this idea for the fact that someone who wants to maliciously attack your site and also open your firewall if the commands can be run by other than root..
>
> Your only (more secure) option is to authenticate the users and allow them to write the rules required to a file or a database and get root to read these and apply them in a separate process..
>
> or just use webmin ;) www.webmin.com
>
> Thanks,
> ____________________________________________
> George Vieira
> Systems Manager
> georgev@xxxxxxxxxxxxxxxxxxxxxx
>
> Citadel Computer Systems Pty Ltd
> http://www.citadelcomputer.com.au
>
> Phone : +61 2 9955 2644
> HelpDesk: +61 2 9955 2698
>
> -----Original Message-----
> From: Allan Kissack [mailto:lists@xxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, June 02, 2003 5:35 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: iptables from cgi script
>
> I used to be able to list my rules via a cgi script but since moving to
> redhat 9 (iptables 1.2.7a) it fails. The reason given is "can't initialize
> iptables table `filter': Permission denied (you must be root) Perhaps
> iptables or your kernel needs to be upgraded." which is absolutely accurate
> (because I get this logging in as a local user and running /sbin/iptables -L
> too) - but I need to know how to achieve this.
> I tried altering the group on /sbin and /sbin/iptables and adding my local
> user to that, but still it fails.
>
> Am I missing something really obvious? Either way, your assistance/advice
> is welcome.
>
> Thanks
>
> --
> Allan
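
The split suggested in the quoted reply (the web side only records requests, and a separate root process reads and applies them), sketched as an added example that is not part of the original thread. The JSON queue format, the port allowlist and all function names are assumptions made for illustration.

```python
import ipaddress
import json
import subprocess

IPTABLES = "/sbin/iptables"          # path as given in the thread
ALLOWED_PORTS = {22, 80, 443}        # assumption: ports a user may request
ACTIONS = {"allow": "-A", "revoke": "-D"}

def build_argv(line):
    """Turn one queued JSON request into an iptables argv list, or raise ValueError."""
    try:
        req = json.loads(line)
    except json.JSONDecodeError as exc:
        raise ValueError("not JSON") from exc
    if not isinstance(req, dict):
        raise ValueError("not an object")
    action, port, source = req.get("action"), req.get("port"), req.get("source")
    if not isinstance(action, str) or action not in ACTIONS:
        raise ValueError("action not permitted")
    if type(port) is not int or port not in ALLOWED_PORTS:
        raise ValueError("port not permitted")
    if not isinstance(source, str):
        raise ValueError("source must be a string")
    try:
        src = ipaddress.IPv4Address(source)   # single host only; CIDR is refused
    except ValueError as exc:
        raise ValueError("source is not a single IPv4 address") from exc
    # The argv is rebuilt from validated values; no request text reaches a shell.
    return [IPTABLES, ACTIONS[action], "INPUT", "-s", str(src),
            "-p", "tcp", "--dport", str(port), "-j", "ACCEPT"]

def apply_rule(argv):
    """Root-only step: run iptables with an argument list, never a shell string."""
    subprocess.run(argv, check=True)

def process_queue(lines, run=None):
    """Validate each line; call run(argv) on accepted ones. Returns (applied, rejected)."""
    applied, rejected = [], []
    for line in lines:
        try:
            argv = build_argv(line)
        except ValueError as err:
            rejected.append((line, str(err)))
            continue
        if run is not None:
            run(argv)
        applied.append(argv)
    return applied, rejected

# Constructed sample queue, as the CGI might write it after authenticating the user.
SAMPLE_QUEUE = [
    '{"user": "alice", "action": "allow", "source": "203.0.113.7", "port": 22}',
    '{"user": "bob", "action": "allow", "source": "0.0.0.0/0", "port": 22}',
    '{"user": "bob", "action": "flush", "source": "203.0.113.9", "port": 80}',
    '{"user": "carol", "action": "allow", "source": "203.0.113.9", "port": 3306}',
]
```

Calling `process_queue(SAMPLE_QUEUE)` is a dry run; the root-owned job would pass `run=apply_rule`, while the CGI user needs write access to the queue only.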