you don't really need two iptables scripts... you just need for a single iptables command/rule to be issued when the app starts and another iptables command (deleting the issued rule) when the app stops... i've put a simple script together for you which does precisely this... i've tested it and it works, but it would still need for you to tweak it and stuff... i'm sure it has issues, but i'm posting it mainly to get the ball rolling for you...
keep in mind i'm on ubuntu, so i'm in the habit of using sudo when i need to execute something with root powers... the point being that i execute this script (let's call it example-launcher.sh) using sudo... and within the script itself sudo is used to launch the app as the regular user of choice... so the password is only needed once - to execute the script...
Code:
sudo ./example-launcher.sh
anyhow, here it is - i tested it with firefox and it worked fine... i am aware that firefox doesn't need any open ports but well it's what i used to test...
- the script first attempts to see if the specified port is open...
- if the port seems open, it proceeds to launch the app and then exit...
- if the port doesn't seem open, it will issue a rule to open it, and then launch the app and wait... once the app exits successfully, it issues a command to delete the rule it added earlier...
Code:
#!/bin/sh
IPTABLES="/sbin/iptables"
PORT="5555:7777"          # single port or a range; iptables -L shows a range as "dpts:5555:7777"
PROTO="tcp"
APP="/usr/bin/firefox"
APP_USER="win32sux"

# dump the INPUT chain numerically so the port shows up as digits, not a service name
STATUS=$($IPTABLES -L INPUT -n -v)

if echo "$STATUS" | grep ACCEPT | grep "dpt.*$PORT" | \
   grep -i "$PROTO" > /dev/null ; then
    # port already open: launch the app in the background and leave the rules alone
    sudo -u "$APP_USER" "$APP" &
    exit 0
else
    # open the port, run the app in the foreground, then close the port again
    $IPTABLES -I INPUT -p "$PROTO" --dport "$PORT" -j ACCEPT
    sudo -u "$APP_USER" "$APP"
    # delete the rule whatever the app's exit status, so a crash never leaves the port open
    $IPTABLES -D INPUT -p "$PROTO" --dport "$PORT" -j ACCEPT
fi
it would be pretty cool to fashion this into a desktop icon that when clicked will graphically ask you for your password...
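The same "open the port only while the app runs" idea, written as an added example (not the poster's script above): the rule check uses `iptables -C`, which matches an exact rule and needs iptables 1.4.11 or newer, instead of grepping the output of `-L`, and the rule is deleted on every exit path (app failure, Ctrl-C, kill), but only if this script was the one that added it. The script name, the `IPTABLES` override and the helper names are constructed for the example; `win32sux`, `/usr/bin/firefox` and the port range are taken from the post.

```shell
#!/bin/sh
# Added example, not the original poster's script: open a port range only while
# a command runs, using iptables -C for the existence check (iptables >= 1.4.11)
# and closing the port on every exit path. Names below are constructed.

IPTABLES="${IPTABLES:-/sbin/iptables}"   # overridable so the logic can be exercised without root
PORT_RULE_ADDED=0

# Exit 0 if an identical ACCEPT rule is already in the INPUT chain
rule_present() {
    "$IPTABLES" -C INPUT -p "$1" --dport "$2" -j ACCEPT 2>/dev/null
}

# Delete the rule, but only if this script was the one that added it
close_port() {
    if [ "$PORT_RULE_ADDED" = 1 ]; then
        PORT_RULE_ADDED=0
        "$IPTABLES" -D INPUT -p "$1" --dport "$2" -j ACCEPT
    fi
}

# with_port_open PROTO PORT COMMAND [ARGS...]
# Runs COMMAND with the port open and returns COMMAND's own exit status.
with_port_open() {
    proto="$1"; port="$2"; shift 2
    if rule_present "$proto" "$port"; then
        # Someone else opened the port: run the command and touch nothing
        "$@"
        return $?
    fi
    "$IPTABLES" -I INPUT -p "$proto" --dport "$port" -j ACCEPT || return 1
    PORT_RULE_ADDED=1
    # If the script is interrupted while the command runs, still close the port
    trap 'close_port "$proto" "$port"' INT TERM
    status=0
    "$@" || status=$?
    trap - INT TERM
    close_port "$proto" "$port"
    return $status
}

# Usage (as root, e.g. via sudo):
#   ./port-launcher.sh tcp 5555:7777 sudo -u win32sux /usr/bin/firefox
if [ $# -ge 3 ]; then
    with_port_open "$@"
fi
```

Because the command is passed as arguments, the `sudo -u user` step stays outside the launcher, and the exit status of the app is returned unchanged, which makes it usable from a desktop launcher or another script.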