Re: iptables from cgi script


 



----- Original Message -----
From: "George Vieira" <georgev@xxxxxxxxxxxxxxxxxxxxxx>
To: "Allan Kissack" <lists@xxxxxxxxxxxxxxxxxxxxxxx>;
<netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Monday, June 02, 2003 10:33 PM
Subject: RE: iptables from cgi script


> No, you're not missing anything.. But I like this idea for the fact that
> someone who wants to maliciously attack your site and also open your
> firewall if the commands can be run by other than root..
>
> Your only (more secure) option is to authenticate the users and allow them
> to write the rules required to a file or a database and get root to read
> these and apply them in a separate process..
>
>
> or just use webmin ;) www.webmin.com
>
> Thanks,
> ____________________________________________
> George Vieira
> Systems Manager
> georgev@xxxxxxxxxxxxxxxxxxxxxx
>
> Citadel Computer Systems Pty Ltd
> http://www.citadelcomputer.com.au
>
> Phone   : +61 2 9955 2644
> HelpDesk: +61 2 9955 2698
>
>
> -----Original Message-----
> From: Allan Kissack [mailto:lists@xxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, June 02, 2003 5:35 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: iptables from cgi script
>
>
> I used to be able to list my rules via a cgi script but since moving to
> redhat 9 (iptables 1.2.7a) it fails. The reason given is "can't initialize
> iptables table `filter': Permission denied (you must be root) Perhaps
> iptables or your kernel needs to be upgraded." which is absolutely accurate
> (because I get this logging in as a local user and running /sbin/iptables -L
> too) - but I need to know how to achieve this.
> I tried altering the group on /sbin and /sbin/iptables and adding my local
> user to that, but still it fails.
>
> Am I missing something really obvious?  Either way, your assistance/advice
> is welcome.
>
> Thanks
>
> --
> Allan
>
>
>
>
>
>
>
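
The split George Vieira describes above (the web side only writes requests to a file, and a separate root process reads, checks and applies them), as an added example that is not part of the original thread. The JSON request format, the `WEB-REQUESTS` chain, the allowed ports and all function names are assumptions made for illustration.

```python
import ipaddress
import json
import subprocess

IPTABLES = "/sbin/iptables"       # path as given in the thread
CHAIN = "WEB-REQUESTS"            # assumed dedicated chain, so INPUT itself is never edited
ALLOWED_PROTOS = {"tcp", "udp"}   # assumed policy
ALLOWED_PORTS = {22, 80, 443}     # assumed policy: only these ports may be opened

# Constructed sample of what the unprivileged CGI side might append to the spool file.
SAMPLE_SPOOL = [
    '{"src": "203.0.113.7", "proto": "tcp", "dport": 22}',
    '{"src": "0.0.0.0/0", "proto": "tcp", "dport": 22}',
    '{"src": "203.0.113.7", "proto": "tcp", "dport": 3306}',
    '{"src": "203.0.113.7", "proto": "tcp", "dport": 22, "chain": "INPUT"}',
]


def build_argv(line):
    """Validate one spooled request; return an iptables argv list or raise ValueError."""
    req = json.loads(line)  # JSONDecodeError is a ValueError
    if not isinstance(req, dict) or set(req) != {"src", "proto", "dport"}:
        raise ValueError("unexpected fields")
    src, proto, dport = req["src"], req["proto"], req["dport"]
    if not isinstance(proto, str) or proto not in ALLOWED_PROTOS:
        raise ValueError("protocol not allowed")
    if type(dport) is not int or dport not in ALLOWED_PORTS:  # also rejects bool
        raise ValueError("port not allowed")
    if not isinstance(src, str):
        raise ValueError("source must be a string")
    host = ipaddress.IPv4Address(src)  # one host only: CIDR and names raise ValueError
    return [IPTABLES, "-A", CHAIN, "-p", proto, "-s", str(host),
            "--dport", str(dport), "-j", "ACCEPT"]


def process_spool(lines):
    """Split spool lines into accepted argv lists and (line, reason) rejections."""
    accepted, rejected = [], []
    for line in lines:
        try:
            accepted.append(build_argv(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return accepted, rejected


def apply_rules(argvs):
    """Run as root (e.g. from cron); argv lists are passed without a shell."""
    for argv in argvs:
        subprocess.run(argv, check=True)
```

The web server user needs write access to the spool file only; the root side rebuilds every rule from validated fields, so nothing the web side writes reaches `iptables` verbatim.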


