Add IPtables rule by script at the request of another computer

1

I wonder, is it possible to make a script which adds a rule in iptables by request from another PC? I mean, the script "knows" what to do, but the address for the rule comes from the request.

And how do you think it should be realized? I suppose it should be a daemon, or a daemonized script...

Alik

Posted 2014-06-10T13:32:37.170

Reputation: 43

Answers

1

It is probably easiest to implement this using a server-side scripting language like PHP or Perl. However, since the input to the script is controllable by the user, you should be very careful in using it as input.

An example is below (I am not a web coder, so there could be huge security issues with this code, use with extreme caution):

#!/usr/bin/perl -wT
use strict;

# Taint mode (-T) refuses to run external commands unless PATH is trusted
$ENV{'PATH'} = '/usr/sbin:/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Send HTTP content-type
print "Content-type:text/html\r\n\r\n";

my $requester_ip;
# Do some sanity checking on the IP sent by the webserver; capturing it
# with an anchored match also untaints the value for the command below
if ( defined $ENV{'REMOTE_ADDR'}
     && $ENV{'REMOTE_ADDR'} =~ m/^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/ ) {
  $requester_ip = $1;   # assign the outer variable; a second 'my' here would create a new copy that is lost after the block
} else {
  print "An error occurred\n";
  exit;
}

# Open SMTP for the requester: -s matches it as the source address on INPUT
# (-d would match the destination). The list form of system() bypasses the
# shell, and the exit status is checked instead of being thrown away.
if ( system('sudo', 'iptables', '-A', 'INPUT', '-s', $requester_ip,
            '-p', 'tcp', '--dport', '25', '-j', 'ACCEPT') != 0 ) {
  print "An error occurred\n";
  exit;
}

If you want to use this, make sure your webserver user can run sudo only with this specific command. Again, this code is provided in the hope that it will be useful, but WITHOUT ANY WARRANTY or FITNESS FOR A PARTICULAR PURPOSE.

It would be even better to do this in a two-stage process:

  • Have the webserver write the IP to a file
  • Let a separate script run from crontab to get the IP from the file and run iptables.

mtak

Posted 2014-06-10T13:32:37.170

Reputation: 11 805
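The two-stage variant mtak recommends at the end of the answer, written out as an added example (not code from the question or the answer): the cron-side consumer that reads the spool file and applies the rule. The spool path /var/spool/smtp-open/requests (one REMOTE_ADDR per line, appended by the unprivileged web script) and the use of `iptables -C` to skip addresses that already have a rule are this example's own assumptions.

```shell
#!/bin/sh
# Stage 2 of the two-stage design: run from root's crontab, read the spool
# the web script appends to, validate each line strictly, open TCP/25 for
# that source. Spool path and the "iptables -C" check are assumptions here.
SPOOL="${SPOOL:-/var/spool/smtp-open/requests}"
IPTABLES="${IPTABLES:-iptables}"

# is_ipv4 ADDR: succeed only for exactly four decimal octets in 0..255.
# The answer's \d{1,3} pattern accepts 999.999.999.999; this rejects it, so
# nothing but a well-formed address ever reaches the privileged command.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1. n=0
    while [ -n "$rest" ]; do
        o=${rest%%.*}
        rest=${rest#*.}
        n=$((n + 1))
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# rule_spec ADDR: the one rule this script manages, as an argument list,
# so the -C (check) and -A (append) calls below cannot drift apart.
rule_spec() {
    printf 'INPUT -s %s -p tcp --dport 25 -j ACCEPT\n' "$1"
}

# process_spool FILE: add each valid, not-yet-present address exactly once.
# Prints "<added> <rejected>" so the cron mail shows what happened.
process_spool() {
    added=0 rejected=0
    [ -r "$1" ] || { echo "0 0"; return 0; }
    while IFS= read -r ip || [ -n "$ip" ]; do
        if ! is_ipv4 "$ip"; then
            rejected=$((rejected + 1))
            continue
        fi
        # $(rule_spec) is unquoted on purpose: it must split into arguments,
        # and every word in it is fixed except the validated address.
        "$IPTABLES" -C $(rule_spec "$ip") 2>/dev/null && continue
        "$IPTABLES" -A $(rule_spec "$ip") && added=$((added + 1))
    done < "$1"
    echo "$added $rejected"
}

# Cron invokes this with --run; the spool is renamed first so requests the
# web script appends while we work land in a fresh file for the next run.
if [ "${1:-}" = "--run" ] && [ -f "$SPOOL" ]; then
    mv "$SPOOL" "$SPOOL.work" && process_spool "$SPOOL.work" && rm -f "$SPOOL.work"
fi
```

The web-side half stays unprivileged: it only appends REMOTE_ADDR to the spool, and the sudo rule for the webserver user disappears entirely because root's cron job is the only thing that touches iptables.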