Interfacing IPTABLES with PHP
Currently I have a little Fedora box doing my routing at home. It's secure, fast and powerful, but I need an easy way to forward ports to local machines.
There are two network cards, eth0 and eth1. eth0 is the internet, eth1 is local net with subnet 192.168.100.XXX
I wrote out a little script in PHP to forward ports to it, but in order for PHP (which is on top of Apache, which runs as user apache) to interface with iptables, I needed to add apache to the sudoers file, and use exec() to sudo and execute the iptables command as root.
As you can guess, this is horribly insecure and I'm hoping there was a cleaner or more elegant way to do it. I've seen scripts like the babel.com.au/phpfwgen/ that can do it, I'm not sure how they do it. I tried to go through their code, but it's so dirty and hard to follow I gave up after a few hours.
Any thoughts?
Thanks
--AtomicFire
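
One way to narrow the sudo exposure described in the post, as an added example that is not part of the original post: a root-owned wrapper that accepts only a protocol, a port, and a 192.168.100.x address, so sudoers can name this one file instead of iptables. The wrapper path, the function names and the `--apply` switch are assumptions made for illustration; eth0 and the subnet come from the post.

```shell
#!/bin/sh
# Hypothetical wrapper, assumed installed root-owned as /usr/local/sbin/fwd-port.
# sudoers then lets apache run only this file, never iptables directly:
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/fwd-port

WAN_IF=eth0               # internet-facing interface, from the post
LAN_PREFIX=192.168.100    # local subnet, from the post

# is_port N: succeeds only for a plain decimal integer 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# is_lan_host IP: succeeds only for 192.168.100.1 .. 192.168.100.254
is_lan_host() {
    case "$1" in
        "$LAN_PREFIX".*) host=${1#"$LAN_PREFIX".} ;;
        *) return 1 ;;
    esac
    case "$host" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#host}" -le 3 ] && [ "$host" -le 254 ]
}

# forward_args PROTO WAN_PORT LAN_IP LAN_PORT
# Prints the iptables DNAT arguments, or returns 2 if any field is not allowed.
forward_args() {
    [ "$#" -eq 4 ] || return 2
    case "$1" in tcp|udp) ;; *) return 2 ;; esac
    is_port "$2" && is_lan_host "$3" && is_port "$4" || return 2
    echo "-t nat -A PREROUTING -i $WAN_IF -p $1 --dport $2 -j DNAT --to-destination $3:$4"
}

# Only touch the firewall when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    shift
    args=$(forward_args "$@") || { echo "rejected: invalid arguments" >&2; exit 2; }
    # Unquoted on purpose: every field was validated above, so splitting is safe.
    exec /sbin/iptables $args   # iptables path is an assumption
fi
```

From PHP, each value would be passed as its own argument wrapped in escapeshellarg(); the wrapper still re-validates everything, since it is the only code running as root.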