This is SELinux denying Apache the right to use sudo. SELinux is an extra security layer for the Linux kernel partially developed by the NSA. By default Red hat ships a "targeted" policy that only interferes with a couple of commonly exploited service, Apache being one of them. You can either turn off SELinux or modify the policy to allow it to execute sudo. A quick Google search will help you figure out how to do this.
Be aware, though, that what you are doing is very dangerous and SELinux is denying it for good reason. Basically, even a small bug in your PHP script can lead to a system compromise if it can be exploited to pass unfiltered user data to thew iptables command string. I certainly hope that you are properly santizing input to your PHP script!
|