LinuxQuestions.org
Old 04-21-2006, 04:36 AM   #1
Richtown
Member
 
Registered: Apr 2006
Location: Portsmouth
Distribution: CentOS & Ubuntu
Posts: 49

Rep: Reputation: 15
Question php and iptables using APACHE


Hi all,

Running Apache 2, I have a PHP web page and I want to be able to enter 192.168.1.1 in a field and press a submit button. Then when I press it I want to be able to ALLOW or BLOCK the IP address using iptables.

The command in php would be:

<?php
echo exec("iptables -I INPUT -s $allow_ip_address -j DROP");
echo exec("ping -c 5 $allow_ip_address");
?>

This doesn't seem to work though; no matter what command I type in (-D, -I, -A), it will still ping the string declared.

Does it need to be saved to the original iptables.conf file for implementation to take place?

Kind Regards
Rich
 
Old 04-21-2006, 10:39 AM   #2
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,591

Rep: Reputation: 79
Does the apache server have root privileges? Because I believe you need to be root for iptables inserts.
 
Old 04-21-2006, 10:49 AM   #3
Richtown
Member
 
Registered: Apr 2006
Location: Portsmouth
Distribution: CentOS & Ubuntu
Posts: 49

Original Poster
Rep: Reputation: 15
I am the root user + I have changed the sudoers file to include the following lines:

Cmnd_Alias IPTABLES=/sbin/iptables

# user privilege specification
root ALL=(ALL) ALL
apache ALL=NOPASSWD: IPTABLES
nobody ALL=NOPASSWD: IPTABLES


This solves the authentication problem; the PHP page runs fine with no errors. It just doesn't seem to do anything. I'm not sure if the PHP page has to be saved to iptables.conf for the rule to apply.

Last edited by Richtown; 04-21-2006 at 10:52 AM.
 
Old 04-21-2006, 10:59 AM   #4
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,591

Rep: Reputation: 79
Quote:
Originally Posted by Richtown
I'm not sure if the PHP page has to be saved to iptables.conf for the rule to apply.
I don't think so. PHP is supposed to call the command exactly like bash does, isn't it? In bash, you type the iptables command and it is effective straight away. And iptables.conf is just a set of rules which are inserted with the iptables command anyway.
I still don't know what is wrong though.
 
Old 04-21-2006, 11:01 AM   #5
UK MAdMaN
Member
 
Registered: Jul 2004
Location: Manchester, England
Distribution: Gentoo
Posts: 211

Rep: Reputation: 30
Quote:
Originally Posted by Richtown
I am the root user
It doesn't matter what you're running as. Apache runs as its own user, and if it doesn't have root access, no changes made will be saved.
 
Old 04-21-2006, 11:08 AM   #6
Richtown
Member
 
Registered: Apr 2006
Location: Portsmouth
Distribution: CentOS & Ubuntu
Posts: 49

Original Poster
Rep: Reputation: 15
It's really strange, all my other commands work in PHP, like displaying the time/date, etc. Yeah, you're right, it's only a rule and doesn't need to be saved anywhere. I know it's taking the string in, as my code displays it before the iptables command. Any suggestions for troubleshooting? I'm stumped.
 
Old 04-21-2006, 11:08 AM   #7
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,591

Rep: Reputation: 79
Did you try the command in bash and see if it works like that?
 
Old 04-21-2006, 11:10 AM   #8
Richtown
Member
 
Registered: Apr 2006
Location: Portsmouth
Distribution: CentOS & Ubuntu
Posts: 49

Original Poster
Rep: Reputation: 15
Quote:
Cmnd_Alias IPTABLES=/sbin/iptables

# user privilege specification
root ALL=(ALL) ALL
apache ALL=NOPASSWD: IPTABLES
nobody ALL=NOPASSWD: IPTABLES
OK, but I have still edited this file and it should resolve this? But then again I'm not too sure.
 
Old 04-21-2006, 11:13 AM   #9
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,591

Rep: Reputation: 79
Add a sudo before iptables.
 
Old 04-21-2006, 11:13 AM   #10
Richtown
Member
 
Registered: Apr 2006
Location: Portsmouth
Distribution: CentOS & Ubuntu
Posts: 49

Original Poster
Rep: Reputation: 15
The command works fine in the terminal; I can block an IP and allow an IP with the above code. No matter what I do in PHP, the IP is always allowed.
 
Old 04-21-2006, 11:19 AM   #11
Richtown
Member
 
Registered: Apr 2006
Location: Portsmouth
Distribution: CentOS & Ubuntu
Posts: 49

Original Poster
Rep: Reputation: 15
Could you explain in "newbie" terms? Sorry, you've kind of lost me.
 
Old 04-21-2006, 11:22 AM   #12
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,591

Rep: Reputation: 79
Try this:

<?php
echo exec("sudo iptables -I INPUT 1 -s $allow_ip_address -j DROP");
echo exec("ping -c 5 $allow_ip_address");
?>

Last edited by Agrouf; 04-21-2006 at 11:28 AM.
 
Old 04-21-2006, 11:34 AM   #13
Richtown
Member
 
Registered: Apr 2006
Location: Portsmouth
Distribution: CentOS & Ubuntu
Posts: 49

Original Poster
Rep: Reputation: 15
Still no luck; this is the output I get:

192.168.1.1
rtt min/avg/max/mdev = 0.632/0.672/0.822/0.075 ms


The IP address can still be pinged.
 
Old 04-22-2006, 07:51 AM   #14
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,591

Rep: Reputation: 79
Weird.
Have you tried using system instead of exec?
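
An added example, not code posted by anyone in the thread: one way to write the handler so that only a literal IPv4 address reaches the command line, and so that the exit status and error text from sudo and iptables are shown instead of discarded. The function names, the /usr/bin/sudo path and the allow_ip_address form field are assumptions; /sbin/iptables is the path from the sudoers lines quoted above.

```php
<?php
// Added example. Function names and the sudo path are assumptions.

// Accept only a literal dotted-quad IPv4 address; anything else returns null.
function validate_ipv4(string $input): ?string
{
    $ip = filter_var(trim($input), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    return $ip === false ? null : $ip;
}

// Run an argument list: quote every argument, merge stderr into stdout,
// and return the exit status so a failed sudo or iptables call is visible.
function run_command(array $argv): array
{
    $cmd = implode(' ', array_map('escapeshellarg', $argv)) . ' 2>&1';
    exec($cmd, $output, $status);
    return ['command' => $cmd, 'status' => $status, 'output' => $output];
}

// Build the same rule the thread uses, as an argument list.
function drop_rule_argv(string $ip): array
{
    // -n: sudo exits with an error instead of waiting for a password.
    return ['/usr/bin/sudo', '-n', '/sbin/iptables',
            '-I', 'INPUT', '1', '-s', $ip, '-j', 'DROP'];
}

// Constructed sample inputs: validation only, nothing is executed here.
foreach (['192.168.1.1', '192.168.1.300', '192.168.1.1; extra'] as $sample) {
    $ip = validate_ipv4($sample);
    printf("%-22s => %s\n", $sample, $ip === null ? 'rejected' : 'accepted');
}

// Form handling: the rule is inserted only for a validated POSTed address.
$raw = $_POST['allow_ip_address'] ?? null;
if (is_string($raw)) {
    $ip = validate_ipv4($raw);
    if ($ip === null) {
        echo "Not a valid IPv4 address\n";
    } else {
        $result = run_command(drop_rule_argv($ip));
        echo htmlspecialchars(implode("\n", $result['output'])), "\n";
        echo "exit status: {$result['status']}\n";
    }
}
```

exec() on its own returns only the last line of standard output, so without the merged stderr and the exit status a refused sudo call looks the same as a successful one.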
 
  

