How to execute iptables command by the user apache ???

Bassam · 10-27-2005, 10:26 PM

Dear All,
I am writing a CGI application for my gateway using Perl programming language on a Linux redhat 9 system, and I have a choice in my application where hosts can be denied our allowed to access the Internet.

I need to call the following iptables commands from my CGI application:

Code:

iptables -t filter -I FORWARD 1 -i eth1 -m mac --mac-source ff:22:23:01:8c:f3 -s 10.0.0.30 -j ACCEPT

iptables -t filter -D FORWARD -i eth1 -m mac --mac-source ff:22:23:01:8c:f3 -s 10.0.0.30 -j ACCEPT

But unfortunately they are not executed and I am getting the following error in my error_log file:

iptables v1.2.7a: can't initialize iptables table `filter': Permission denied (you must be root)

I realized that the user apache of my web server is not privileged to executed this iptables command.

I wonder if there is a way to make the apache user of my apache web server be able to execute this command.

Your help is appreciatiable

Regards
Bassam

ashamril · 10-28-2005, 02:35 AM

maybe u can try using sudo

fouldsy · 10-28-2005, 07:10 AM

Certainly from php you can use exec("iptables"); if your www-data user is addded to the sudoers file as being able to manipulate ip tables. Would guess it would be the same with your CGI script. Install the sudo package and read the manpage for adding your user.