EU FIZ ESSE DOIS ARQUVOS INDEX.PHP E FIREWALL.PHP,CONFIGUREI TBM /ETC/SUDOERS, PAEA QUE NAO PEÇA SENHA AO USUARIO COMUM..
MAS AO ESTA DANDO CERTO, JA FIZ DE TUDO SE ALGUEM PUDER ME AJUDAR.
ESTOU UTILIZANDO O APACHE 2 NO UUBUNTU,PHP5.
AI VAI OS CODIGOS
<html>
<head>
<title>..::Firewall com php::..</title>
<body>
<form action="firewall.php" method=post>
<table border="1">
<thead>
<tr>
<th colspan="2"> EXECUCAO DE FIREWALL IPTABLES</th>
</tr>
</thead>
<tbody>
<tr>
<td>TABELA</td>
<td>
<select id="tabela" name="tabela">
<option value="nat" selected="selected">nat</option>
<option value="mangle">mangle</option>
<option value="filter">filter</option>
</select>
</td>
</tr>
<tr>
<td>CADEIA(Chain)</td>
<td>
<input type="text" size="50" name="cadeia" value="">
</td>
</tr>
<tr>
<td>PROTOCOLO</td>
<td>
<select id="protocolo" name="protocolo">
<option value="tcp" selected="tcp" >TCP</option>
<option value="udp">UDP</option>
<option value="icmp">ICMP</option>
<option value="all">TODOS</option>
</select>
</td>
</tr>
<tr>
<td>IP</td>
<td><input type="text" size="11" maxlength="11" name="ip" id="ip" Value=""></td>
</tr>
<tr>
<td>PORTA(max:65535)</td>
<td><input type="text" size="11" maxlength="5" name="porta" value=""></td>
</tr>
<tr>
<td>Permissoes(Target)</td>
<td>
<select id="alvo" name="alvo">
<option value="ACCEPT" selected="selected">ACCEPT</option>
<option value="REJECT">REJECT</option>
<option value="all">TODOS</option>
</select>
</td>
</tr>
<tr>
<td>IP</td>
<td><input type="text" size="11" maxlength="11" name="ip" id="ip" Value=""></td>
</tr>
<tr>
<td>PORTA(max:65535)</td>
<td><input type="text" size="11" maxlength="5" name="porta" value=""></td>
</tr>
<tr>
<td>Permissoes(Target)</td>
<td>
<select id="alvo" name="alvo">
<option value="ACCEPT" selected="selected">ACCEPT</option>
<option value="REJECT">REJECT</option>
<option value="DROP">DROP</option>
</select>
</td>
</tr>
</tbody>
</table>
<p><input type="submit" class="style3" name="activar" value="Ativar Escolha"></p>
</form>
</body>
</html>
esse e o index.php
e agora o feirewall.php
<?php
/**CODIGO firewall.php
*
* #iptables [-t tabela] [opção] [chain] [dados] -j [ação]
*/
//Verifica se foi pressiona o bottão na outra pagina
if(isset ($_POST['activar'])) {
//captura as variaveis do formulario
$Tabela = $_POST['tabela'];
$Cadeia = $_POST['cadeia'];
$Protocolo = $_POST['protocolo'];
$IP = $_POST['ip'];
$Porta = $_POST['porta'];
$Alvo = $_POST['alvo'];
//string com o comando a ser executado
$CMD = "sudo /usr/sbin/iptables -t $Tabela -A $Cadeia -p $Protocolo -s $IP --dport $Porta -j $Alvo";
//Execução do Comando
$resultado = shell_exec($CMD);
shell_exec($CMD);
echo "<p><b>CMD QUE VAI SER EXECUTADO</b>:</p> $CMD";
echo "<p><b>(CASO FALHE) TESTE O CMD NA CONSOLA PARA VERIFICA A SUA VALIDADE</b>:</p>";
/* Verifa se foi devolvido alguma mensagem é mostra*/
if(!empty($resultado)) {
echo "<p><b>O CMD devolveu o seguinte</b>:</p> $resultado";
}else {
echo "<p><b>O CMD não devolveu NADA</b>:</p>";
}else{
echo "A Regra iptables -t ( $Tabela ) -A ( $Cadeia ) -p ( $Protocolo ) -s ( $IP ) --dport ( $Porta ) -j ( $Alvo) Cadastrados com Sucesso no Linux"
}
}
NO /ETC/SUDOERS
ESTA ASSIM
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
jefferson ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
nobody ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
#################################################################################################
apache ALL=NOPASSWD: /usr/sbin/iptables
apache ALL=NOPASSWD: /usr/sbin/iptables-save
apache ALL=NOPASSWD: /usr/sbin/iptables-restore
apache ALL=NOPASSWD: /sbin/arp
apache ALL=NOPASSWD: /bin/echo
apache ALL=NOPASSWD: /bin/rm
###################################################################################################
# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=NOPASSWD: ALL
jefferson ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
nobody ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
##################################################################################################
apache ALL=NOPASSWD: /usr/sbin/iptables
apache ALL=NOPASSWD: /usr/sbin/iptables-save
apache ALL=NOPASSWD: /usr/sbin/iptables-restore
apache ALL=NOPASSWD: /sbin/arp
apache ALL=NOPASSWD: /bin/echo
apache ALL=NOPASSWD: /bin/rm
####################################################################################################
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
jefferson ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
nobody ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
###################################################################################################
apache ALL=NOPASSWD: /usr/sbin/iptables
apache ALL=NOPASSWD: /usr/sbin/iptables-save
apache ALL=NOPASSWD: /usr/sbin/iptables-restore
apache ALL=NOPASSWD: /sbin/arp
apache ALL=NOPASSWD: /bin/echo
por favor me ajudem....