Sure, that's always possible, with a few security caveats..
The iptables rules can be loaded, added, removed dynamically..
That could be scripted via php or perl from a webpage on the firewall or remote.
Rules need to be operated on as root user, which is the security risk.. allowing a script that much privelege..
A typical example would be only allowing web access to users that have dhcp leases in group "web"..
Have a look at the
iptables tutorial for a broad overview of what's controllable.
There's also a
netfilter patch-o-matic system to build even more features..