Old 12-22-2009, 01:11 PM   #1
Legolas891
www-data execute iptables


Hi all,

I have a biiig question for you guys. What's safer: to give www-data root permissions to iptables to execute some rules, or to give www-data root permissions to a script made by me that executes the rule and receives the IP from the page?
Or do you have any other, safer ideas for doing that? (Perl, CGI, etc.)
All I want is to execute an iptables rule from PHP.

Thanks,
Mihai
 
Old 12-22-2009, 02:34 PM   #2
rweaver
If any part of the data is being submitted or sent by a webpage, check your data very, very carefully; check the data to make sure it is what you're looking for and only what you're looking for.

I'd be more inclined to write out a text file with just the 'variable' information in it and have a cron'd script read the file, validate the data, and execute the iptables command if necessary (and that has nothing to do with PHP, Perl, or CGI... it's just a bit safer IMO than letting a webapp call a system utility directly.)
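
The queue-file approach described in the post above, sketched as an added example that is not code from either poster: the web app only appends one client address per line to a file, and a root cron job validates each line and runs iptables with an argument list. The queue path, the client subnet and the rule specification are assumptions made for illustration; the rule must match whatever rule was originally inserted.

```python
import ipaddress
import os
import subprocess

# Assumed values, not from the thread: queue location, client subnet, rule spec.
QUEUE = "/var/spool/motd-release/queue.txt"
CLIENT_NET = ipaddress.ip_network("192.168.0.0/24")
RULE = ["-t", "nat", "-D", "PREROUTING", "-s", "{ip}", "-p", "tcp",
        "--dport", "80", "-j", "REDIRECT", "--to-ports", "80"]


def validate(line):
    """Return a canonical IPv4 string for one in-subnet host, else None."""
    try:
        addr = ipaddress.IPv4Address(line.strip())  # rejects CIDR, flags, shell syntax
    except ValueError:
        return None
    reserved = (CLIENT_NET.network_address, CLIENT_NET.broadcast_address)
    if addr not in CLIENT_NET or addr in reserved:
        return None
    return str(addr)


def build_commands(lines):
    """Turn queued lines into iptables argv lists; bad lines and duplicates are dropped."""
    seen, cmds = set(), []
    for line in lines:
        ip = validate(line)
        if ip is None or ip in seen:
            continue
        seen.add(ip)
        cmds.append(["iptables"] + [arg.format(ip=ip) for arg in RULE])
    return cmds


def drain(path=QUEUE, run=subprocess.run):
    """Claim the queue file by renaming it, then run one command per valid entry."""
    claimed = path + ".work"
    try:
        os.rename(path, claimed)  # later writes by the web app go to a fresh file
    except FileNotFoundError:
        return []
    with open(claimed, encoding="ascii", errors="replace") as fh:
        cmds = build_commands(fh)
    os.unlink(claimed)
    for argv in cmds:
        run(argv, check=False)  # argv list: no shell ever parses the queued text
    return cmds


if __name__ == "__main__":
    drain()
```

Run from root's crontab, this keeps www-data without any sudo or setuid access to iptables; the only thing the web server account can influence is which in-subnet addresses appear in the queue.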
 
Old 12-22-2009, 03:36 PM   #3
Legolas891
Quote:
Originally Posted by rweaver
If any part of the data is being submitted or sent by a webpage, check your data very, very carefully; check the data to make sure it is what you're looking for and only what you're looking for.

I'd be more inclined to write out a text file with just the 'variable' information in it and have a cron'd script read the file, validate the data, and execute the iptables command if necessary (and that has nothing to do with PHP, Perl, or CGI... it's just a bit safer IMO than letting a webapp call a system utility directly.)

OK, but I want it to be more "real time". This is for a "message of the day" system of my clients behind a Linux router. I redirect them every day by a cron job, and the idea is that when they access a web page, all HTTP traffic is redirected to my Apache server, and they access a page with a message, and they have a button "Continue to requested page" which executes iptables -D .... to delete the rule and redirects them to the requested page.
 
  

