This is a discussion on need help with a firewall script within the Linux Networking forums, part of the Linux Forums category.
Hello,
I need some hints about writing a script to control the firewall, an example would be very helpful. Here is what I want to do.

I want to have a special file on my web server, whenever someone visits this special file, a script will be executed. The script will grab the ip of the visitor, then open certain ports for the specific ip.

For example, when someone visits http://www.myhost.com/hack.html from ip 127.0.0.1

I want the script to do the following to modify the firewall:

ipchains -I input -s 127.0.0.1/255.255.255.255 -d 10.0.0.1 2214:2312 -p 6 -j ACCEPT

Now, how do I go about that? Hope someone would spare a few minutes to help, thanks.
On 3 Apr, 18:41, s...@mealburnheart.ce wrote:
> Hello,
>
> I need some hints about writing a script to control the firewall, an
> example would be very helpful. Here is what I want to do.
>
> I want to have a special file on my web server, whenever someone visits
> this special file, a script will be executed. The script will grab the ip
> of the visitor, then open certain ports for the specific ip.
>
> For example, when someone visits http://www.myhost.com/hack.html from ip 127.0.0.1
>
> I want the script to do the following to modify the firewall:
> ipchains -I input -s 127.0.0.1/255.255.255.255 -d 10.0.0.1 2214:2312 -p 6 -j ACCEPT
>
> Now, how do I go about that? Hope someone would spare a few minutes to
> help, thanks.

This is one thing that comes to my mind; sure, it's not the best way to do it.

For the page, you may use PHP, for example. There is a function to get the IP of the visitor, and it has the ability to exec shell commands (if safe mode is disabled).

This page will call an SUID shell script with the IP address as argument. This script is only to execute the command with root level without apache/php set as root.

For iptables, if you think you'll have only one session of that type, you may create a table REMOTE_ACCESS instead of putting your rule directly in the INPUT table. It will be easier to flush it.

It would be something like that:

page.php

<?php
// IP address of the visitor, as seen by the web server
$ip = $_SERVER['REMOTE_ADDR'];
// Call the helper script with the IP as its only argument
exec('./myscript ' . escapeshellarg($ip));
?>

myscript

#!/bin/sh
# $1 is the IP address passed by page.php ($0 would be the script's own name)
ipchains -I REMOTE_ACCESS -s "$1/255.255.255.255" -d 10.0.0.1 2214:2312 -p 6 -j ACCEPT
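The helper in the reply above receives its argument from a web page and hands it to a root-level firewall command, so the argument should be checked before it gets there. The following is an added example, not code from the thread: a version of the helper that accepts only a single dotted-quad IPv4 address. The function names `valid_ipv4` and `add_rule` and the `FW_APPLY` switch are hypothetical, the REMOTE_ACCESS chain is assumed to exist already, and 192.0.2.7 is a constructed sample address.

```shell
#!/bin/sh
# Added example: validate the caller-supplied address before it reaches ipchains.

# Return 0 only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        # empty, any character other than digits and dots, or misplaced dots
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Insert the rule from the thread for one validated source address.
# Dry run by default: the command is printed. FW_APPLY=1 (hypothetical
# switch) executes it, which needs root and the REMOTE_ACCESS chain.
add_rule() {
    if ! valid_ipv4 "$1"; then
        printf 'rejected: not a single IPv4 address\n' >&2
        return 1
    fi
    runner=echo
    if [ "${FW_APPLY:-0}" = 1 ]; then runner=; fi
    $runner ipchains -I REMOTE_ACCESS -s "$1/255.255.255.255" \
        -d 10.0.0.1 2214:2312 -p 6 -j ACCEPT
}

# Act only when called with an argument, e.g.: ./myscript 192.0.2.7
if [ "$#" -gt 0 ]; then
    add_rule "$1"
fi
```

Anything that is not exactly four octets is refused, including strings carrying a netmask, a shell metacharacter or extra ipchains options.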