LinuxQuestions.org
Old 04-20-2006, 09:33 AM   #1
Richtown
Member
 
Registered: Apr 2006
Location: Portsmouth
Distribution: CentOS & Ubuntu
Posts: 49

Rep: Reputation: 15
PHP and IPTABLES


Hi all,

Running Apache 2, I have a PHP webpage and I want to be able to enter 192.168.1.1 in a field and press a submit button. Then when I press it I want to be able to ALLOW or BLOCK the IP address using iptables.

Using Bash, the command would be iptables -A INPUT -s 192.168.1.1 -P ICMP -J DROP

I want to be able to do this in PHP: I save the 192.168.1.1 or any other address as a variable $ip_address and import it into the following code?

<?php
echo exec('iptables -A INPUT -s $ip_address -j DROP');
?>





I'm not sure if this is the correct code. I want to be able to block or allow it, then display the results on the webpage.

The reason I am doing this is for a project and it cannot be done any other way!

Could someone shed some light? I have spent hours on the web searching how to do this and with no luck. This is a last resort and I would really appreciate the help, if offered.

Kind regards
Rich
 
Old 04-20-2006, 09:56 AM   #2
mikeyt_333
Member
 
Registered: Jun 2001
Location: Up in the clouds
Distribution: Fedora et al.
Posts: 353

Rep: Reputation: 30
The code looks solid, if you're comfortable allowing user input in a PHP firewall generator, I assume you're sanitizing this data? However, you have to remember that -A means to append, so that rule will be the last rule, and it may never be reached. What you probably want is the -I switch which allows you to insert a rule at a specific line. Look at the manpage for iptables, that should give you a good idea how to use -I and maybe resolve the issues you're having.

HTH,
Mike.
 
Old 04-20-2006, 10:41 AM   #3
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
One note of warning:

PHP treats ' and " differently. Stuff inside ' quotes is not parsed by PHP, but stuff inside " is. You placed your $ip_address variable inside ' quotes, so the exec command executed by bash would have the literal text $ip_address in the command, rather than the substitution for 192.168.1.1 or whatever as you intended.

You have two options:

1. Use double quotes:

Code:
<?php
echo exec("iptables -A INPUT -s $ip_address -j DROP");
?>

2. Use string concatenation:

Code:
<?php
echo exec('iptables -A INPUT -s ' . $ip_address . ' -j DROP');
?>
 
Old 04-20-2006, 06:40 PM   #4
Richtown
Member
 
Registered: Apr 2006
Location: Portsmouth
Distribution: CentOS & Ubuntu
Posts: 49

Original Poster
Rep: Reputation: 15
OK, thanks guys, I'll give that a try.

Thanks for the input!
 
Old 04-20-2006, 10:22 PM   #5
luckyluk
LQ Newbie
 
Registered: Apr 2006
Location: Colorado
Distribution: Fedora Core 4
Posts: 5

Rep: Reputation: 0
In addition to what cdhgee said, I also noticed that the "-P ICMP" is also missing. I am only pointing this out just in case it is not part of the $ip_address variable.
 
Old 04-21-2006, 04:21 AM   #6
Richtown
Member
 
Registered: Apr 2006
Location: Portsmouth
Distribution: CentOS & Ubuntu
Posts: 49

Original Poster
Rep: Reputation: 15
That now works, but when I go into the Terminal and ping 192.168.1.1, it still allows it even though I told it to block it in the PHP script?

echo exec("iptables -I INPUT -s 192.168.1.1 -j DROP");

I am guessing that it is not saving the command?

Could someone help me out?

Last edited by Richtown; 04-21-2006 at 04:23 AM.
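
An added example (not code from any poster in this thread) that pulls together the points raised above: validating the submitted address, quoting it for the shell, inserting with -I, and capturing the exit status and stderr of iptables, which the return value of exec() does not give you. The form field name ip_address, the /sbin/iptables path and the sudo -n call are assumptions; the thread does not say how the web server is given permission to change firewall rules.

```php
<?php
// Added example, not from the thread. Assumptions: form field "ip_address",
// iptables at /sbin/iptables, web server user allowed to run it via sudo.

/** Return the argument list for the DROP rule, or null if input is not IPv4. */
function build_block_command(string $input): ?array
{
    // Accept only a literal IPv4 address: no hostnames, CIDR or shell text.
    $ip = filter_var(trim($input), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    if ($ip === false) {
        return null;
    }
    // -I inserts at the top of INPUT so an earlier rule cannot shadow it.
    return ['sudo', '-n', '/sbin/iptables', '-I', 'INPUT',
            '-s', $ip, '-p', 'icmp', '-j', 'DROP'];
}

/** Run the command; return [exit status, stdout and stderr lines]. */
function run_command(array $args): array
{
    // escapeshellarg() keeps every element a single shell word.
    $cmd = implode(' ', array_map('escapeshellarg', $args)) . ' 2>&1';
    $output = [];
    $status = 0;
    exec($cmd, $output, $status); // return value alone is only the last line
    return [$status, $output];
}

$raw = $_POST['ip_address'] ?? '';
$args = build_block_command(is_string($raw) ? $raw : '');
if ($args === null) {
    http_response_code(400);
    echo 'Invalid IPv4 address';
    exit;
}
[$status, $output] = run_command($args);
if ($status === 0) {
    echo 'Rule added for ' . htmlspecialchars($args[6]);
} else {
    // Non-zero status (e.g. permission denied) means no rule was added.
    echo 'iptables failed (' . $status . '): '
        . htmlspecialchars(implode("\n", $output));
}
```

Changing firewall rules requires root privileges, so a non-zero status with a permission error in the output means the rule was never added, even though the page itself loaded without a PHP error.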
 
  


All times are GMT -5. The time now is 07:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration