You might want to do a search for "PHP Firewall" and look at the other projects already out there.
http://phpfwgen.sourceforge.net/

> -----Original Message-----
> From: Joel n.solanki [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 13, 2004 9:53 PM
> To: Robby Russell
> Cc: php-users
> Subject: Re: [PHP] php+iptables
>
> Great ..I will surely do what u told me. This really sounds good to work on.
> I will start implementing this in 1 or 2 days. Can i contact you
> personally if i need little help ?
>
> Regards and thank for your help
>
> Joel
> On Thu, 2004-08-12 at 21:20, Robby Russell wrote:
> > On Thu, 2004-08-12 at 01:31, Joel n.solanki wrote:
> > > Dear all Gurus,
> > >
> > > I have read little manual from www.php.net
> > > I want to create web based firewall with php+iptables . Can any one give
> > > me some documentation or guides or Examples ??I am using redhat linux
> > > ..all things are installed.
> > > I have little understood that i need to use shell_exec and exec to run
> > > linux command. I am very newbie to php even don't know html so i m having
> > > tough days with php.
> > > if any one could help me out.
> > > any docs.
> >
> > Unlike the other responses, I'll give you a different approach.
> >
> > Are you attempting to build a web based 'interface' to iptables? So you
> > can add/edit/drop rules for iptables?
> >
> > If I were to build such an app, this is how I would build it.
> >
> > I would build 3 layers to this app.
> >
> > - a database (postgresql or mysql)
> >   - store all your rules, comments, timestamps, etc
> >
> > - web based interface
> >   - an interface that allows you to add, edit, modify the data in the
> >     database
> >   - give this interface only the necessary ability to do this, nothing
> >     more so that your firewall configuration remains fairly secure.
> >
> > - cron script
> >   - a script on the server (written in php, perl, python, whatever)
> >   - performs a lookup in the database and checks for any new changes
> >     since its last run
> >   - gets the changes and builds the necessary iptables configuration
> >     script and writes to a file on the server.
> >   - add a row that records when you did this so that next time you know
> >     when to look for new records from.
> >
> > You *could* use exec here to run iptables or you could have another cron
> > script that is just a bash script that runs the iptables config file
> > that you write with the cron script.
> >
> > This is how *I* would approach this. This allows for flexibility of each
> > piece of the code. For example, one day you might want to pick up python
> > and build a cross platform GUI application that will allow you to manage
> > the rules like you did in the web interface. If this might even be the
> > case then you might want to consider PostgreSQL and building your
> > database structure and building server side functions (plperl, plPHP,
> > etc) that allow you to perform simple queries to add/edit/modify data.
> >
> > example: SELECT blockIP('192.168.1.100');
> >
> > ...is a little cleaner than:
> > INSERT INTO tablename (ip_address, block) VALUES ('192.168.1.100', t);
> >
> > This way all your system logic is stored in your database schema and not
> > in your code. Then a new interface is a breeze to develop and deploy.
> >
> > Once again, this is just one approach and might seem like more work but
> > after doing this kind of thing for the last several years I'm growing
> > weary of typing the same logic over and over to new interfaces. heh.
> >
> >
> > Happy coding!
> >
> > your local PostgreSQL advocate,
> >
> > Robby Russell
> --
> Joel N.Solanki
> Network Administrator
> Phone No: 0265-550001/2/3/4/5 Ext: 211/212
> Digtial 2 Virtual Internet Service Provider.
> http://www.packetraptor.com/
> http://www.d2visp.com/
> Gujarat (India)
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
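
The cron-script layer described in the quoted reply, as an added example that is not part of the original thread or any poster's code: it checks for changes since the last recorded run, validates every stored address, and returns a ruleset in the format `iptables-restore` reads. The `rules` and `runs` tables, the `updated_at` column, integer timestamps, the in-memory SQLite database standing in for PostgreSQL/MySQL, and rebuilding the whole file whenever anything changed are all assumptions.

```python
import ipaddress
import sqlite3

def make_db():
    """In-memory stand-in for the rule database; all rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE rules (id INTEGER PRIMARY KEY, ip_address TEXT,
                            block INTEGER, updated_at INTEGER);
        CREATE TABLE runs (ran_at INTEGER);""")
    conn.executemany(
        "INSERT INTO rules (ip_address, block, updated_at) VALUES (?, ?, ?)",
        [("192.168.1.100", 1, 100),
         ("10.0.0.0/8", 1, 110),
         ("1.2.3.4 -j ACCEPT", 1, 120),   # malformed value from the web form
         ("192.168.1.7", 0, 130)])        # stored but not blocked
    return conn

def build_ruleset(conn, now):
    """Return (ruleset_text, rejected_ids); text is None when nothing changed."""
    last = conn.execute("SELECT COALESCE(MAX(ran_at), 0) FROM runs").fetchone()[0]
    changed = conn.execute(
        "SELECT COUNT(*) FROM rules WHERE updated_at > ?", (last,)).fetchone()[0]
    if not changed:
        return None, []
    lines, rejected = ["*filter"], []
    rows = conn.execute(
        "SELECT id, ip_address FROM rules WHERE block = 1 ORDER BY id").fetchall()
    for rule_id, value in rows:
        try:
            # Only a parsed IPv4 address/network is ever written to the file,
            # so a stored string cannot add options or extra lines.
            net = ipaddress.IPv4Network(value.strip(), strict=False)
        except ValueError:
            rejected.append(rule_id)
            continue
        lines.append(f"-A INPUT -s {net} -j DROP")
    lines.append("COMMIT")
    conn.execute("INSERT INTO runs (ran_at) VALUES (?)", (now,))  # bookmark this run
    conn.commit()
    return "\n".join(lines) + "\n", rejected

if __name__ == "__main__":
    text, rejected = build_ruleset(make_db(), now=200)
    print(text, "rejected rule ids:", rejected)
```

Because the generator only reads the database and writes text, the web interface never needs `exec` or root; loading the file stays with the separate script the reply mentions.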