I am in need of a solution for an ongoing issue I have.
This issue is that to ensure network security, I have blocked all IPs in iptables, adding rules for only select IPs. BTW, I am using CentOS.
I have a server that needs to be accessed by clients, some of these clients have dynamic IPs, so in order to allow them to see my server, I have to manually add them in iptables.
This has become a heartache lately due to too many clients.
I have been searching for a solution that I can implement in which clients can edit their own IP without much action from me. It needs to be a solution that clients can only edit their one iptables rule, not able to edit all or any rule. Would need to have different user login accounts.
Preferably in PHP, but if any of you know of a solution using a different language I am open to any suggestions.
It'd be easy enough to write something like that. It'd also be easy enough to make big mistakes. You'll really have to be very sure about input validation. There's also little that can be done to prevent them from then adding arbitrary addresses.
One way is to apply your basic set of rules and have a separate chain for the dynamic addresses which might even point to additional chains one per customer.
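A sketch of the per-customer chain approach with strict input validation, added here as an example and not written by either poster. It is in Python rather than PHP; the chain names, the `CLIENT_CHAINS` mapping and the function names are assumptions, and each chain is assumed to already exist and be jumped to from INPUT.

```python
import ipaddress
import re
import subprocess

# Constructed mapping: authenticated login -> the one chain that login may rewrite.
# Assumed one-time setup by the admin for each chain:
#   iptables -N CLIENT_alice && iptables -A INPUT -j CLIENT_alice
CLIENT_CHAINS = {"alice": "CLIENT_alice", "bob": "CLIENT_bob"}

# Digits and dots only: no CIDR suffix, whitespace or shell metacharacters.
DOTTED_QUAD = re.compile(r"[0-9]{1,3}(\.[0-9]{1,3}){3}")


def validate_ipv4(text):
    """Return the canonical form of a single IPv4 host address or raise ValueError."""
    if not isinstance(text, str) or not DOTTED_QUAD.fullmatch(text):
        raise ValueError("expected a dotted-quad IPv4 address")
    addr = ipaddress.IPv4Address(text)  # rejects octets above 255
    if (addr.is_unspecified or addr.is_loopback or addr.is_multicast
            or addr.is_link_local or addr.is_reserved):
        raise ValueError("address is not a usable client source")
    return str(addr)


def build_update(login, submitted_ip):
    """Build the iptables argv lists that replace this login's single rule."""
    chain = CLIENT_CHAINS.get(login)  # chosen by the session, never by the form
    if chain is None:
        raise PermissionError("no chain assigned to this login")
    ip = validate_ipv4(submitted_ip)
    return [
        ["iptables", "-F", chain],  # drop the client's previous address
        ["iptables", "-A", chain, "-s", ip + "/32", "-j", "ACCEPT"],
    ]


def apply_update(commands):
    """Run the commands as argv lists (no shell); needs root or a sudo wrapper."""
    for argv in commands:
        subprocess.run(argv, check=True)
```

Because the chain comes from the login and the only user-supplied value is a validated /32, a client can change the address in its own chain but cannot touch the base rules or another client's chain.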