index.php
<html>
<head>
<title>..::Firewall com php::..</title>
<body>
<form action="firewall.php" method=post>
<table border="1">
<thead>
<tr>
<th colspan="2"> EXECUCAO DE FIREWALL IPTABLES</th>
</tr>
</thead>
<tbody>
<tr>
<td>TABELA</td>
<td>
<select id="tabela" name="tabela">
<option value="nat" selected="selected">nat</option>
<option value="mangle">mangle</option>
<option value="filter">filter</option>
</select>
</td>
</tr>
<tr>
<td>CADEIA(Chain)</td>
<td>
<input type="text" size="50" name="cadeia" value="">
</td>
</tr>
<tr>
<td>PROTOCOLO</td>
<td>
<select id="protocolo" name="protocolo">
<option value="tcp" selected="tcp" >TCP</option>
<option value="udp">UDP</option>
<option value="icmp">ICMP</option>
<option value="all">TODOS</option>
</select>
</td>
</tr>
<tr>
<td>IP</td>
<td><input type="text" size="11" maxlength="11" name="ip" id="ip" Value=""></td>
</tr>
<tr>
<td>PORTA(max:65535)</td>
<td><input type="text" size="11" maxlength="5" name="porta" value=""></td>
</tr>
<tr>
<td>Permissoes(Target)</td>
<td>
<select id="alvo" name="alvo">
<option value="ACCEPT" selected="selected">ACCEPT</option>
<option value="REJECT">REJECT</option>
<option value="DROP">DROP</option>
</select>
</td>
</tr>
</tbody>
</table>
<p><input type="submit" class="style3" name="activar" value="Ativar Escolha"></p>
</form>
</body>
</html>
firewall.php
<?php
/**CODIGO firewall.php
*
* #iptables [-t tabela] [opção] [chain] [dados] -j [ação]
*/
//Verifica se foi pressiona o bottão na outra pagina
if(isset ($_POST['activar'])) {
//captura as variaveis do formulario
$Tabela = $_POST['tabela'];
$Cadeia = $_POST['cadeia'];
$Protocolo = $_POST['protocolo'];
$IP = $_POST['ip'];
$Porta = $_POST['porta'];
$Alvo = $_POST['alvo'];
//string com o comando a ser executado
$CMD = "sudo /usr/sbin/iptables -t $Tabela -A $Cadeia -p $Protocolo -s $IP --dport $Porta -j $Alvo";
//Execução do Comando
$resultado = shell_exec($CMD);
shell_exec($CMD);
echo "<p><b>CMD QUE VAI SER EXECUTADO</b>:</p> $CMD";
echo "<p><b>(CASO FALHE) TESTE O CMD NA CONSOLA PARA VERIFICA A SUA VALIDADE</b>:</p>";
/* Verifa se foi devolvido alguma mensagem é mostra*/
if(!empty($resultado)) {
echo "<p><b>O CMD devolveu o seguinte</b>:</p> $resultado";
}else {
echo "<p><b>O CMD não devolveu NADA</b>:</p>";
}
}
?>
/etc/sudoers
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
jefferson ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
nobody ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
#################################################################################################
apache ALL=NOPASSWD: /usr/sbin/iptables
apache ALL=NOPASSWD: /usr/sbin/iptables-save
apache ALL=NOPASSWD: /usr/sbin/iptables-restore
apache ALL=NOPASSWD: /sbin/arp
apache ALL=NOPASSWD: /bin/echo
apache ALL=NOPASSWD: /bin/rm
###################################################################################################
# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=NOPASSWD: ALL
jefferson ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
nobody ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
##################################################################################################
apache ALL=NOPASSWD: /usr/sbin/iptables
apache ALL=NOPASSWD: /usr/sbin/iptables-save
apache ALL=NOPASSWD: /usr/sbin/iptables-restore
apache ALL=NOPASSWD: /sbin/arp
apache ALL=NOPASSWD: /bin/echo
apache ALL=NOPASSWD: /bin/rm
####################################################################################################
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
jefferson ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
nobody ALL=NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save, /usr/sbin/iptables-restore
###################################################################################################
apache ALL=NOPASSWD: /usr/sbin/iptables
apache ALL=NOPASSWD: /usr/sbin/iptables-save
apache ALL=NOPASSWD: /usr/sbin/iptables-restore
apache ALL=NOPASSWD: /sbin/arp
apache ALL=NOPASSWD: /bin/echo
mas nao esta dando certo ja fiz de tudo..
criei um usuario apache
estou usando a distribuiçao ubuntu, php5 ,apache 2
por favor me ajudem