need help with a firewall script - Networking


  1. need help with a firewall script

    Hello,

    I need some hints about writing a script to control the firewall, an
    example would be very helpful. Here is what I want to do.

    I want to have a special file on my web server, whenever someone visits
    this special file, a script will be executed. The script will grab the ip
    of the visitor, then opens certain ports for the specific ip.

    For example, when someone visits
    http://www.myhost.com/hack.html from ip 127.0.0.1

    I want the script to do the following to modify the firewall:
    ipchains -I input -s 127.0.0.1/255.255.255.255 -d 10.0.0.1 2214:2312 -p 6
    -j ACCEPT

    Now, how do I go about that? Hope someone would spare a few minutes to
    help, thanks.




  2. Re: need help with a firewall script

    On 3 Apr, 18:41, s...@mealburnheart.ce wrote:
    > Hello,
    >
    > I need some hints about writing a script to control the firewall, an
    > example would be very helpful. Here is what I want to do.
    >
    > I want to have a special file on my web server, whenever someone visits
    > this special file, a script will be executed. The script will grab the ip
    > of the visitor, then opens certain ports for the specific ip.
    >
    > For example, when someone visits
    > http://www.myhost.com/hack.html from ip 127.0.0.1
    >
    > I want the script to do the following to modify the firewall:
    > ipchains -I input -s 127.0.0.1/255.255.255.255 -d 10.0.0.1 2214:2312 -p 6
    > -j ACCEPT
    >
    > Now, how do I go about that? Hope someone would spare a few minutes to
    > help, thanks.


    This is one thing that comes to my mind, sure it's not the best way
    to do it.

    For the page, you may use PHP for example. There is a function to get
    the IP of the visitor, and it has the ability to exec shell commands
    (if safe mode is disabled). This page will call an SUID shell script
    with the IP address as argument. This script is only to execute the
    command with root level without apache/php set as root.

    For iptables, if you think you'll have only one session of that type,
    you may create a table REMOTE_ACCESS instead of putting your rule
    directly in the INPUT table. It will be easier to flush.

    It would be something like this:

    page.php
    <?php
    // Address of the visitor as seen by the web server
    $ip = $_SERVER['REMOTE_ADDR'];
    // Call the helper with the address as one shell-escaped argument
    exec('myscript ' . escapeshellarg($ip));
    ?>

    myscript
    #!/bin/sh
    # $1 is the address passed by page.php ($0 would be the script's own name)
    ipchains -I REMOTE_ACCESS -s "$1"/255.255.255.255 -d 10.0.0.1 2214:2312 -p 6 -j ACCEPT
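
Added example, not part of the original reply: because the helper runs with root privileges on a value that arrives from a web page, this variant of myscript refuses anything that is not a plain dotted-quad IPv4 address before it reaches ipchains. The names `is_ipv4` and `add_rule` and the `DRY_RUN` switch are assumptions for illustration; the rule is the one from the thread.

```shell
#!/bin/sh
# Added example: validate the address argument before it reaches the firewall.
# is_ipv4, add_rule and DRY_RUN are hypothetical names, not from the thread.

is_ipv4() {
    # Only digits and dots, no empty octets, no leading or trailing dot.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets (safe: only digits and dots remain)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

add_rule() {
    is_ipv4 "$1" || { echo "rejected: not an IPv4 address" >&2; return 1; }
    # DRY_RUN=1 (the default here) prints the command instead of running it.
    if [ "${DRY_RUN:-1}" = 1 ]; then run=echo; else run=; fi
    $run ipchains -I REMOTE_ACCESS -s "$1/255.255.255.255" \
        -d 10.0.0.1 2214:2312 -p 6 -j ACCEPT
}

# Constructed sample arguments: one valid address, then values that must be
# refused (trailing text, a leading dash read as an option, an octet > 255).
for arg in '192.0.2.10' '192.0.2.10 extra' '-x' '300.1.1.1'; do
    add_rule "$arg" || true
done
```

On Linux the setuid bit is ignored for `#!` scripts, so a helper like this is normally run through a narrowly scoped sudoers entry rather than as an SUID file.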

