On Thu, 2004-08-12 at 01:31, Joel n.solanki wrote:
> Dear all Gurus,
>
> I have read little manual from www.php.net
> I want to create web based firewall with php+iptables. Can any one give
> me some documentation or guides or Examples?? I am using redhat linux
> ..all things are installed.
> I have little understood that I need to use shell_exec and exec to run
> linux command. I am very newbie to php even don't know html so I'm having
> tough days with php.
> if any one could help me out.
> any docs.

Unlike the other responses, I'll give you a different approach.

Are you attempting to build a web based 'interface' to iptables? So you can add/edit/drop rules for iptables?

If I were to build such an app, this is how I would build it. I would build 3 layers to this app.

- a database (postgresql or mysql)
  - store all your rules, comments, timestamps, etc
- web based interface
  - an interface that allows you to add, edit, modify the data in the database
  - give this interface only the necessary ability to do this, nothing more so that your firewall configuration remains fairly secure.
- cron script
  - a script on the server (written in php, perl, python, whatever)
  - performs a lookup in the database and checks for any new changes since its last run
  - gets the changes and builds the necessary iptables configuration script and writes to a file on the server.
  - add a row that records when you did this so that next time you know when to look for new records from.

You *could* use exec here to run iptables or you could have another cron script that is just a bash script that runs the iptables config file that you write with the cron script.

This is how *I* would approach this. This allows for flexibility of each piece of the code. For example, one day you might want to pick up python and build a cross platform GUI application that will allow you to manage the rules like you did in the web interface. If this might even be the case then you might want to consider PostgreSQL and building your database structure and building server side functions (plperl, plPHP, etc) that allow you to perform simple queries to add/edit/modify data.

example:

    SELECT blockIP('192.168.1.100');

...is a little cleaner than:

    INSERT INTO tablename (ip_address, block) VALUES ('192.168.1.100', 't');

This way all your system logic is stored in your database schema and not in your code. Then a new interface is a breeze to develop and deploy.

Once again, this is just one approach and might seem like more work but after doing this kind of thing for the last several years I'm growing weary of typing the same logic over and over to new interfaces. heh.

Happy coding!

your local PostgreSQL advocate,

Robby Russell

--
/***************************************
* Robby Russell | Owner.Developer.Geek
* PLANET ARGON | www.planetargon.com
* Portland, OR | [EMAIL PROTECTED]
* 503.351.4730 | blog.planetargon.com
* PHP/PostgreSQL Hosting & Development
****************************************/
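
The cron-script layer described in the reply above, sketched as an added example (not code from the original message or its author): it reads rules from the database, validates every address before it reaches the firewall file, writes the file atomically, and records the run. Assumptions: the `rules`/`runs` schema, the `WEBFW` chain name and the output file name are hypothetical, SQLite stands in for PostgreSQL/MySQL so the block runs offline, rules are append-only so a higher id means a change, and the generated file is meant to be loaded by the separate privileged job with `iptables-restore --noflush`.

```python
import ipaddress
import os
import sqlite3
import tempfile

# Hypothetical schema; SQLite stands in for PostgreSQL/MySQL so this runs offline.
SCHEMA = """
CREATE TABLE rules (id INTEGER PRIMARY KEY, ip_address TEXT, block INTEGER);
CREATE TABLE runs (id INTEGER PRIMARY KEY, last_rule_id INTEGER);
"""

def render(rows):
    """Build iptables-restore text from (id, ip_address) rows; return it with rejected ids."""
    lines, rejected = ["*filter", ":WEBFW - [0:0]"], []  # WEBFW: assumed chain name
    for rule_id, ip in rows:
        try:
            net = ipaddress.IPv4Network(str(ip), strict=False)
        except ValueError:
            rejected.append(rule_id)  # never pass unparsed database text through
            continue
        lines.append(f"-A WEBFW -s {net} -j DROP")  # canonical form, not the raw column
    return "\n".join(lines + ["COMMIT"]) + "\n", rejected

def sync(conn, out_path):
    """One cron run: rewrite out_path only if rules were added since the last run."""
    last = conn.execute("SELECT COALESCE(MAX(last_rule_id), 0) FROM runs").fetchone()[0]
    newest = conn.execute("SELECT COALESCE(MAX(id), 0) FROM rules").fetchone()[0]
    if newest <= last:
        return None
    rows = conn.execute("SELECT id, ip_address FROM rules WHERE block = 1 ORDER BY id")
    text, rejected = render(rows.fetchall())
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(out_path) or ".")  # created mode 0600
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.replace(tmp, out_path)  # atomic swap: the loader never sees a half-written file
    conn.execute("INSERT INTO runs (last_rule_id) VALUES (?)", (newest,))
    conn.commit()
    return rejected

def demo():
    """Constructed sample rows: one valid, one malformed, one not marked for blocking."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO rules (ip_address, block) VALUES (?, ?)",
                     [("192.168.1.100", 1), ("10.0.0.1 -j ACCEPT", 1), ("172.16.5.9", 0)])
    out = os.path.join(tempfile.mkdtemp(), "webfw.rules")
    first, second = sync(conn, out), sync(conn, out)
    with open(out) as fh:
        return fh.read(), first, second
```

The web interface only ever needs INSERT/UPDATE rights on the rules table; this script needs read access plus write access to one file, and only the job that loads the file needs root.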