Inserindo iptables com php

**ribeirokaka2** · 30-01-2010, 19:05

EU FIZ ESSE DOIS ARQUVOS INDEX.PHP E FIREWALL.PHP,CONFIGUREI TBM /ETC/SUDOERS, PAEA QUE NAO PEÇA SENHA AO USUARIO COMUM..
MAS AO ESTA DANDO CERTO, JA FIZ DE TUDO SE ALGUEM PUDER ME AJUDAR.
ESTOU UTILIZANDO O APACHE 2 NO UUBUNTU,PHP5.

AI VAI OS CODIGOS

<html>
<head>
<title>..::Firewall com php::..</title>
<body>

<form action="firewall.php" method=post>
<table border="1">
<thead>
<tr>
<th colspan="2"> EXECUCAO DE FIREWALL IPTABLES</th>
</tr>
</thead>
<tbody>
<tr>
<td>TABELA</td>
<td>
<select id="tabela" name="tabela">
<option value="nat" selected="selected">nat</option>
<option value="mangle">mangle</option>
<option value="filter">filter</option>
</select>
</td>
</tr>
<tr>
<td>CADEIA(Chain)</td>
<td>
<input type="text" size="50" name="cadeia" value="">
</td>
</tr>
<tr>
<td>PROTOCOLO</td>
<td>
<select id="protocolo" name="protocolo">
<option value="tcp" selected="tcp" >TCP</option>
<option value="udp">UDP</option>
<option value="icmp">ICMP</option>
<option value="all">TODOS</option>
</select>
</td>
</tr>
<tr>
<td>IP</td>
<td><input type="text" size="11" maxlength="11" name="ip" id="ip" Value=""></td>
</tr>
<tr>
<td>PORTA(max:65535)</td>
<td><input type="text" size="11" maxlength="5" name="porta" value=""></td>
</tr>
<tr>
<td>Permissoes(Target)</td>
<td>
<select id="alvo" name="alvo">
<option value="ACCEPT" selected="selected">ACCEPT</option>
<option value="REJECT">REJECT</option>
<option value="all">TODOS</option>
</select>
</td>
</tr>
<tr>
<td>IP</td>
<td><input type="text" size="11" maxlength="11" name="ip" id="ip" Value=""></td>
</tr>
<tr>
<td>PORTA(max:65535)</td>
<td><input type="text" size="11" maxlength="5" name="porta" value=""></td>
</tr>
<tr>
<td>Permissoes(Target)</td>
<td>
<select id="alvo" name="alvo">
<option value="ACCEPT" selected="selected">ACCEPT</option>
<option value="REJECT">REJECT</option>
<option value="DROP">DROP</option>
</select>
</td>
</tr>
</tbody>
</table>
<p><input type="submit" class="style3" name="activar" value="Ativar Escolha"></p>

</form>
</body>
</html>

esse e o index.php

e agora o feirewall.php

<?php
/**CODIGO firewall.php
*
* #iptables [-t tabela] [opção] [chain] [dados] -j [ação]
*/

//Verifica se foi pressiona o bottão na outra pagina
if(isset ($_POST['activar'])) {

//captura as variaveis do formulario
$Tabela = $_POST['tabela'];
$Cadeia = $_POST['cadeia'];
$Protocolo = $_POST['protocolo'];
$IP = $_POST['ip'];
$Porta = $_POST['porta'];
$Alvo = $_POST['alvo'];

//string com o comando a ser executado
$CMD = "sudo /usr/sbin/iptables -t $Tabela -A $Cadeia -p $Protocolo -s $IP --dport $Porta -j $Alvo";

//Execução do Comando
$resultado = shell_exec($CMD);
shell_exec($CMD);
echo "<p><b>CMD QUE VAI SER EXECUTADO</b>:</p> $CMD";
echo "<p><b>(CASO FALHE) TESTE O CMD NA CONSOLA PARA VERIFICA A SUA VALIDADE</b>:</p>";

/* Verifa se foi devolvido alguma mensagem é mostra*/
if(!empty($resultado)) {
echo "<p><b>O CMD devolveu o seguinte</b>:</p> $resultado";
}else {
echo "<p><b>O CMD não devolveu NADA</b>:</p>";
}else{
echo "A Regra iptables -t ( $Tabela ) -A ( $Cadeia ) -p ( $Protocolo ) -s ( $IP ) --dport ( $Porta ) -j ( $Alvo) Cadastrados com Sucesso no Linux"
}
}
NO /ETC/SUDOERS

ESTA ASSIM

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL) ALL
jefferson ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
nobody ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
#################################################################################################
apache ALL=NOPASSWD: /usr/sbin/iptables
apache ALL=NOPASSWD: /usr/sbin/iptables-save
apache ALL=NOPASSWD: /usr/sbin/iptables-restore
apache ALL=NOPASSWD: /sbin/arp
apache ALL=NOPASSWD: /bin/echo
apache ALL=NOPASSWD: /bin/rm
###################################################################################################

# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=NOPASSWD: ALL
jefferson ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
nobody ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
##################################################################################################
apache ALL=NOPASSWD: /usr/sbin/iptables
apache ALL=NOPASSWD: /usr/sbin/iptables-save
apache ALL=NOPASSWD: /usr/sbin/iptables-restore
apache ALL=NOPASSWD: /sbin/arp
apache ALL=NOPASSWD: /bin/echo
apache ALL=NOPASSWD: /bin/rm

####################################################################################################
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

jefferson ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
nobody ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
###################################################################################################
apache ALL=NOPASSWD: /usr/sbin/iptables
apache ALL=NOPASSWD: /usr/sbin/iptables-save
apache ALL=NOPASSWD: /usr/sbin/iptables-restore
apache ALL=NOPASSWD: /sbin/arp
apache ALL=NOPASSWD: /bin/echo

por favor me ajudem....

Resultados da Enquete: iptables + php

Inserindo iptables com php

Ferramentas de Tópicos

Inserindo iptables com php