Great ..I will surely do what u told me. This really sounds good to work
on.
I will start implementing this in 1 or 2 days. Can i contact youi
personally if i need little help ?
Regards and thank for your help
Joel
On Thu, 2004-08-12 at 21:20, Robby Russell wrote:
> On Thu, 2004-08-12 at 01:31, Joel n.solanki wrote:
> > Dear all Gurus,
> >
> > I have read little manul from www.php.net
> > I want to create web based firewall with php+iptables . Can any one give
> > me some documentation or guides or Examples ??I am using redhat linux
> > ..all things are installed.
> > I have little understood that i need to use shell_exec and exec to run
> > linux command. I am very newbie to php even dont know html so i m having
> > tough days with php.
> > if any one could help me out.
> > any docs.
>
> Unlike the other responses, I'll give you a different approach.
>
> Are you attempting to build a web based 'interface' to iptables? So you
> can add/edit/drop rules for iptables?
>
> If I were to build such an app, this is how I would build it.
>
> I would build 3 layers to this app.
>
> - a database (postgresql or mysql)
> - store all your rules, comments, timestamps, etc
>
> - web based interface
> - an interface that allows you to add, edit, modify the data in the
> database
> - give this interface only the necessary ability to do this, nothing
> more so that your firewall configuration remains fairly secure.
>
> - cron script
> - a script on the server (written in php, perl, python, whatever)
> - performs a lookup in the database and checks for any new changes
> since its last run
> - gets the changes and builds the necessary iptables configuration
> script and writes to a file on the server.
> - add a row that records when you did this so that next time you know
> when to look for new records from.
>
> You *could* use exec here to run iptables or you could have another cron
> script that is just a bash script that runs the iptables config file
> that you write with the cron script.
>
> This is how *I* would approach this. This allows for flexibility of each
> piece of the code. For example, one day you might want to pick up python
> and build a cross platform GUI application that will allow you to manage
> the rules like you did in the web interface. If this might even be the
> case then you might want to consider PostgreSQL and building your
> database structure and building server side functions (plperl, plPHP,
> etc) that allow you to perform simple queries to add/edit/modify data.
>
> example: SELECT blockIP('192.168.1.100');
>
> ...is a little cleaner than:
> INSERT INTO tablename (ip_address, block) VALUES ('192.168.1.100', t);
>
> This way all your system logic is stored in your database schema and not
> in your code. Then a new interface is a breeze to develop and deply.
>
> Once again, this is just one approach and might seem like more work but
> after doing this kind of thing for the last several years I'm growing
> weary of typing the same logic over and over to new interfaces. heh.
>
>
> Happy coding!
>
> your local PostgreSQL advocate,
>
> Robby Russell
--
Joel N.Solanki
Network Administrator
Phone No: 0265-550001/2/3/4/5 Ext: 211/212
Digtial 2 Virtual Internet Service Provider.
http://www.packetraptor.com/
http://www.d2visp.com/
Gujarat (India)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
