LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 09-07-2007, 04:35 AM   #1
OgeeN
LQ Newbie
 
Registered: Jul 2006
Posts: 5

Rep: Reputation: 0
Dynamic change of iptables rules using web interface


Hello,
Kerio WinRoute Firewall has one interesting feature. This feature allows inserting firewall rules based on the username that was used to log into the firewall's web interface. So the user enters his username and password into a web form, the firewall authenticates him against Active Directory and inserts predefined rules for the IP address the user logged in from.

My boss likes this feature so much that I was charged with finding or writing a Linux equivalent.

I do not think that is a very big problem, but it is also not a trivial task, especially because we are dealing with security.

In fact, I used a similar system in my former job to limit internet access for specific IP or MAC addresses.

That system used a MySQL database, a web interface, one PHP script and one bash script. From the web interface I ran the bash script, and this script started the PHP script and then refreshed the firewall. The PHP script loaded from the MySQL database the IP addresses flagged as denied internet access, and these IP addresses were written to a file called blacklist. Our firewall (Shorewall) then denied internet access for the IP addresses listed in the blacklist file.

So I have some idea how the future application will work.

I suppose that the application should work this way:
The user points his browser to the firewall's web interface and enters his username and password into the web form. The firewall authenticates him/her, modifies the iptables rules to suit the user's IP address and inserts them.

I also need some script to delete the rules after a certain amount of inactivity from the user's IP address, and when the user logs off or closes the browser.

The biggest problem I see is modifying the rules according to the user's IP address. I suppose that I will need some PHP script that will determine the user's IP address and then run a bash script with the user's IP address as a parameter. This parameter will be inserted into the rules.

I'd like to ask you for your advice, experience and security suggestions.

Is there some already existing open source project that will solve my task?

Any recommendations are welcome.

Thanks for your posts.
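
An added example, not code from this thread: the bash half of the design sketched in the post above, i.e. the script the web front end would call with the authenticated client's IP. It validates that argument before it reaches iptables (the value originates in an HTTP request), keeps the per-user rules in a dedicated chain so they can be added and removed without touching the rest of the ruleset, and expires idle sessions from a per-IP timestamp file. The chain name WEBAUTH, the state directory /var/lib/webauth and the 30 minute idle timeout are assumptions.

```shell
# Added example (not from the thread): the bash side of the scheme above.
# The PHP front end calls: webauth.sh grant|revoke <ip>  or  webauth.sh expire
# Hypothetical names: chain WEBAUTH, state dir /var/lib/webauth, 30 min idle.
set -eu
CHAIN=${CHAIN:-WEBAUTH}
STATE_DIR=${STATE_DIR:-/var/lib/webauth}
IDLE_SECS=${IDLE_SECS:-1800}
IPTABLES=${IPTABLES:-iptables}   # override (e.g. IPTABLES=echo) for a dry run
# The address comes from an HTTP request: accept only a dotted quad, never splice the raw string.
valid_ip() {
  case $1 in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  [ "$(printf '%s' "$1" | tr -cd . | wc -c)" -eq 3 ] || return 1
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

grant() {   # grant <ip>: insert the rule once and stamp the session
  valid_ip "$1" || { echo "rejected address: $1" >&2; return 1; }
  "$IPTABLES" -C "$CHAIN" -s "$1" -j ACCEPT 2>/dev/null ||
    "$IPTABLES" -I "$CHAIN" -s "$1" -j ACCEPT
  touch "$STATE_DIR/$1"
}

revoke() {  # revoke <ip>: remove the rule and the stamp (logout)
  valid_ip "$1" || return 1
  "$IPTABLES" -D "$CHAIN" -s "$1" -j ACCEPT 2>/dev/null || true
  rm -f "$STATE_DIR/$1"
}

expire() {  # expire: revoke sessions whose stamp is older than IDLE_SECS
  now=$(date +%s)
  for f in "$STATE_DIR"/*; do
    [ -e "$f" ] || continue
    if [ $((now - $(stat -c %Y "$f"))) -gt "$IDLE_SECS" ]; then
      revoke "${f##*/}"
    fi
  done
}
case ${1:-} in
  grant|revoke) "$1" "${2:-}" ;;
  expire) expire ;;
esac
```

The front end would re-touch the stamp on each authenticated request and run `expire` from cron; the WEBAUTH chain itself has to exist and be jumped to from the FORWARD chain before the first `grant`.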
 
Old 09-07-2007, 06:03 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Maybe look into NuFW.

I've never used it, but it seems to do what you want (and more).

Last edited by win32sux; 09-07-2007 at 06:04 PM.