Re: need help with a firewall script
On 3 avr, 18:41, s...@mealburnheart.ce wrote:
> Hello,
>
> I need some hints about writing a script to control the firewall, an
> example would be very helpful. Here is what I want to do.
>
> I want to have a special file on my web server, whenever someone visits
> this special file, a script will be executed. The script will grab the ip
> of the visitor, then opens certain ports for the specific ip.
>
> For example, when someone visits http://www.myhost.com/hack.html from ip 127.0.0.1
>
> I want the script to do the following to modify the firewall:
> ipchains -I input -s 127.0.0.1/255.255.255.255 -d 10.0.0.1 2214:2312 -p 6
> -j ACCEPT
>
> Now, how do I go about that? Hope someone would spare a few minutes to
> help, thanks.
This is one thing that comes to my mind, sure it's not the best way
to do it.
For the page, you may use PHP for example. There is a function to get the IP
of the visitor, and it has the ability to exec shell commands (if safe
mode is disabled). This page will call an SUID shell script with the
IP address as argument. This script is only to execute the command
with root level without apache/php set as root.
For iptables, if you think you'll have only one session of that type,
you may create a table REMOTE_ACCESS instead of putting your rule
directly in the INPUT table. It will be easier to flush it.
It would be something like this:
page.php
<?php
// Address of the connecting client, as seen by the web server
$ip = $_SERVER['REMOTE_ADDR'];
// Pass it to the script as a single quoted argument (script path is assumed)
exec('./myscript ' . escapeshellarg($ip));
?>
myscript
#!/bin/sh
# $1 is the visitor's IP address passed in by page.php ($0 would be the script name)
ipchains -I REMOTE_ACCESS -s "${1}/255.255.255.255" -d 10.0.0.1 2214:2312 -p 6 -j ACCEPT
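
As an added example (not part of the original post): a variant of myscript that accepts its argument only if it is a strict dotted-quad IPv4 address before it reaches the root-level ipchains call, since the script is driven by a web request. The function names valid_ipv4 and rule_args are hypothetical; the rule itself is the one from the thread.

```shell
#!/bin/sh
# Added example: hardened variant of "myscript" (function names are hypothetical).

# Return 0 only for a strict dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # digits and single dots only, no dot at either end
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                 # split into octets (no glob characters remain)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ????*|0?*) return 1 ;;            # over 3 digits, or leading zero (octal ambiguity)
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ipchains arguments from the thread for one validated source address.
rule_args() {
    valid_ipv4 "$1" || { echo "rejected source address" >&2; return 1; }
    echo "-I REMOTE_ACCESS -s $1/255.255.255.255 -d 10.0.0.1 2214:2312 -p 6 -j ACCEPT"
}

# Run only when called with exactly one argument, as page.php would call it.
if [ "$#" -eq 1 ]; then
    args=$(rule_args "$1") || exit 1
    ipchains $args    # unquoted on purpose: $args holds only validated text
fi
```

Linux ignores the set-uid bit on interpreted scripts, so the root step is normally granted another way, for example a sudo rule limited to this one script.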