RE: [PHP] php+iptables

2004-08-14 Thread Ed Lazor
You might want to do a search for "PHP Firewall" and look at the other
projects already out there.

http://phpfwgen.sourceforge.net/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] php+iptables

2004-08-13 Thread Joel n.solanki
Great... I will surely do what you told me. This really sounds good to work
on.
I will start implementing this in 1 or 2 days. Can I contact you
personally if I need a little help?

Regards and thanks for your help

Joel
-- 
Joel N.Solanki
Network Administrator
Phone No: 0265-550001/2/3/4/5 Ext: 211/212
Digtial 2 Virtual Internet Service Provider.
http://www.packetraptor.com/
http://www.d2visp.com/
Gujarat (India)




Re: [PHP] php+iptables

2004-08-12 Thread Robby Russell
On Thu, 2004-08-12 at 01:31, Joel n.solanki wrote:
> Dear all Gurus,
> 
> I have read little manual from www.php.net
> I want to create web based firewall with php+iptables. Can any one give
> me some documentation or guides or Examples? I am using redhat linux
> ..all things are installed.
> I have little understood that I need to use shell_exec and exec to run
> linux command. I am very newbie to php even don't know html so I'm having
> tough days with php.
> if any one could help me out.
> any docs.

Unlike the other responses, I'll give you a different approach.

Are you attempting to build a web based 'interface' to iptables? So you
can add/edit/drop rules for iptables?

If I were to build such an app, this is how I would build it.

I would build 3 layers to this app.

- a database (postgresql or mysql)
  - store all your rules, comments, timestamps, etc

- web based interface
  - an interface that allows you to add, edit, modify the data in the
    database
  - give this interface only the necessary ability to do this, nothing
    more so that your firewall configuration remains fairly secure.

- cron script
  - a script on the server (written in php, perl, python, whatever)
  - performs a lookup in the database and checks for any new changes
    since its last run
  - gets the changes and builds the necessary iptables configuration
    script and writes to a file on the server.
  - add a row that records when you did this so that next time you know
    when to look for new records from.

You *could* use exec here to run iptables or you could have another cron
script that is just a bash script that runs the iptables config file
that you write with the cron script.

This is how *I* would approach this. This allows for flexibility of each
piece of the code. For example, one day you might want to pick up python
and build a cross platform GUI application that will allow you to manage
the rules like you did in the web interface. If this might even be the
case then you might want to consider PostgreSQL and building your
database structure and building server side functions (plperl, plPHP,
etc) that allow you to perform simple queries to add/edit/modify data.

example: SELECT blockIP('192.168.1.100');

...is a little cleaner than:
  INSERT INTO tablename (ip_address, block) VALUES ('192.168.1.100', true);

This way all your system logic is stored in your database schema and not
in your code. Then a new interface is a breeze to develop and deploy.

Once again, this is just one approach and might seem like more work but
after doing this kind of thing for the last several years I'm growing
weary of typing the same logic over and over to new interfaces. heh. 


Happy coding!

your local PostgreSQL advocate,

Robby Russell


-- 
/***
* Robby Russell | Owner.Developer.Geek
* PLANET ARGON  | www.planetargon.com
* Portland, OR  | [EMAIL PROTECTED]
* 503.351.4730  | blog.planetargon.com
* PHP/PostgreSQL Hosting & Development
/
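
Added example, not part of Robby Russell's message or of any project named in the thread: a sketch of the cron layer he describes, which rebuilds an iptables-restore file from the database only when rules were added since the last recorded run. The table names, the WEBFW chain, change detection by highest rule id, and the use of sqlite3 in place of PostgreSQL/MySQL are assumptions made so it runs offline.

```python
import ipaddress
import sqlite3

# Hypothetical schema for this example; sqlite3 stands in for PostgreSQL/MySQL.
SCHEMA = """
CREATE TABLE rules (id INTEGER PRIMARY KEY, ip_address TEXT, block INTEGER, comment TEXT);
CREATE TABLE sync_log (id INTEGER PRIMARY KEY, last_rule_id INTEGER);
"""
CHAIN = "WEBFW"  # assumed dedicated chain, so built-in chains are never rewritten


def build_ruleset(db):
    """Cron step: if rules were added since the last run, rebuild the full
    iptables-restore input. Returns (text, skipped_ids) or (None, [])."""
    last = db.execute("SELECT COALESCE(MAX(last_rule_id), 0) FROM sync_log").fetchone()[0]
    newest = db.execute("SELECT COALESCE(MAX(id), 0) FROM rules").fetchone()[0]
    if newest <= last:
        return None, []  # nothing new since the recorded run
    lines, skipped = ["*filter", f":{CHAIN} - [0:0]"], []
    rows = db.execute("SELECT id, ip_address FROM rules WHERE block = 1 ORDER BY id")
    for rule_id, ip in rows.fetchall():
        try:
            # Re-validate on the privileged side: the web layer is not trusted here.
            net = ipaddress.IPv4Network(ip, strict=False)
        except ValueError:
            skipped.append(rule_id)
            continue
        lines.append(f"-A {CHAIN} -s {net} -j DROP")  # canonical form only, never raw input
    lines.append("COMMIT")
    # Record this run so the next one knows where to look for new records from.
    db.execute("INSERT INTO sync_log (last_rule_id) VALUES (?)", (newest,))
    db.commit()
    return "\n".join(lines) + "\n", skipped


def demo():
    """Run the cron step twice against constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO rules (ip_address, block) VALUES (?, ?)", [
        ("192.168.1.100", 1),        # address from the thread's example
        ("10.0.0.0/8", 1),           # constructed
        ("192.168.1.1; reboot", 1),  # constructed malformed entry, must be skipped
    ])
    return build_ruleset(db), build_ruleset(db)


if __name__ == "__main__":
    print(demo()[0][0])
```

The generated text is meant to be loaded by a separate root-owned job (for example with iptables-restore --noflush, after the chain has been hooked into INPUT once by hand), so the web server account needs neither sudo nor suexec.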





Re: [PHP] php+iptables

2004-08-12 Thread raditha dissanayake
Joel n.solanki wrote:
> Dear all Gurus,
> I have read little manual from www.php.net
> I want to create web based firewall with php+iptables. Can any one give
> me some documentation or guides or Examples? I am using redhat linux
 

You are really getting into the deep end if you are starting off with
this. You need to put in a lot of care if you are configuring IPtables
this way. If you are not careful you will find that you are locking
yourself out.

Yes, you do have to use exec, but only the root user can change filtering
rules - which you are probably aware of. Unfortunately, apache runs as a
non-privileged user and that means you will need to foray into suexec or
sudo, both of which are rather dangerous.

I am not trying to discourage you but just pointing out that this is 
perhaps not the ideal first project with PHP.

> ..all things are installed.
> I have little understood that I need to use shell_exec and exec to run
> linux command. I am very newbie to php even don't know html so I'm having
> tough days with php.
> if any one could help me out.
> any docs.
Regards,
 


--
Raditha Dissanayake.

http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Interface. Just 128 KB | with progress bar.