Old 09-07-2007, 05:35 AM   #1
LQ Newbie
Registered: Jul 2006
Posts: 5

Dynamic change of iptables rules using web interface

Kerio WinRoute Firewall has one interesting feature. This feature allows inserting firewall rules based on the username that was used to log into the firewall's web interface. So the user enters his username and password into a web form, the firewall authenticates him against Active Directory and inserts predefined rules for the IP address the user logged in from.

My boss likes this feature so much that I was charged with finding or writing a Linux equivalent.

I do not think that it is a very big problem, but it is also not a trivial task, especially because we are dealing with security.

In fact I used a similar system in my former job to limit internet access for specific IP or MAC addresses.

This system used a MySQL database, a web interface, one PHP script and one bash script. From the web interface I ran the bash script; this script started the PHP script and then refreshed the firewall. The PHP script loaded from the MySQL database the IP addresses flagged as denied internet access, and these IP addresses were written to a file called blacklist. Our firewall (Shorewall) then denied internet access for the IP addresses listed in the blacklist file.

So I have some idea of how the future application will work.

I suppose that the application should work this way:
The user points his browser to the firewall's web interface and enters his username and password into the web form. The firewall authenticates him/her, modifies the iptables rules to suit the user's IP address and inserts them.

I also need some script to delete the rules after a certain amount of inactivity from the user's IP address, and when the user logs off or closes the browser.

The biggest problem I see is modifying rules according to the user's IP address. I suppose that I will need some PHP script that will determine the user's IP address and then run a bash script with the user's IP address as a parameter. This parameter will be inserted into the rules.

I'd like to ask you for your advice, experience and security suggestions.

Is there some already existing open source project that will solve my task?

Any recommendations are welcome.

Thanks for your posts.
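An added example, not from the thread or any project: the kind of bash script the PHP page described in the post above would call (via sudo, with the web server user permitted to run only this script) with the client's address as its single argument. The point it demonstrates is that the address comes from the web tier and must be validated before it becomes an iptables argument, plus the idle-session expiry the poster asks for. The WEBAUTH chain, the state directory and the sudo setup are assumptions of this example.

```shell
#!/bin/sh
# Example, not the thread's code. Assumptions: a user-defined chain WEBAUTH
# that FORWARD jumps to, and a state directory holding one file per session.
IPTABLES="${IPTABLES:-/sbin/iptables}"      # set to "echo" for a dry run
STATE_DIR="${STATE_DIR:-/var/run/webauth}"
CHAIN="WEBAUTH"

# The address is untrusted input from the web tier: accept only four dotted
# decimal octets in 0-255, so no shell metacharacters or extra iptables
# options can ride along in the argument.
valid_ipv4() {
    addr=$1
    case "$addr" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Insert the ACCEPT rule for one address (idempotent thanks to -C) and stamp
# the session file; the web tier calls this again on each authenticated
# request so the timestamp reflects the user's last activity.
grant() {
    addr=$1
    valid_ipv4 "$addr" || { echo "refusing bad address" >&2; return 1; }
    mkdir -p "$STATE_DIR" && touch "$STATE_DIR/$addr"
    "$IPTABLES" -C "$CHAIN" -s "$addr" -j ACCEPT 2>/dev/null ||
        "$IPTABLES" -I "$CHAIN" -s "$addr" -j ACCEPT
}

# Remove the rule and the session file (logout, or called by expire).
revoke() {
    addr=$1
    valid_ipv4 "$addr" || return 1
    "$IPTABLES" -D "$CHAIN" -s "$addr" -j ACCEPT 2>/dev/null
    rm -f "$STATE_DIR/$addr"
}

# Revoke sessions idle for more than $1 minutes; run from cron every minute.
expire() {
    find "$STATE_DIR" -type f -mmin +"$1" 2>/dev/null | while read -r f; do
        revoke "$(basename "$f")"
    done
}
```

The rule only ties access to an address, so any host that can send from that address (behind the same NAT, or a shared machine) inherits the session until it expires.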
Old 09-07-2007, 07:03 PM   #2
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Maybe look into NuFW.

I've never used it, but it seems to do what you want (and more).

Last edited by win32sux; 09-07-2007 at 07:04 PM.