Programming Forums - Iptable Filtering

Programming Forums (http://www.programmingforums.org/forumindex.php)

- PHP (http://www.programmingforums.org/forum29.html)

- - Iptable Filtering (http://www.programmingforums.org/showthread.php?t=1161)

We recently got assigned a project where we need to allow access to our server via iptables.

The problem is that we don't know where to start because we come from a Windows environment. If someone has some info that could help us onto the right path we would highly appreciate it!

Thanks

zdb

Add to top of all pages...

<?php

  include("ipCheck.php");

?>

ipCheck.php

$ips = array("127.0.0.1",

          "0.0.0.0");



$access = 0;

foreach($ips as $col => $ip)

  if($_SERVER['REMOTE_ADRR'] == $ip) {

    $access = 1;

    break;

  }



if(!$access) {

  header("HTTP/1.0 403 Not Authorized");

  die();

}

I will give it a bash! Thanks.

zdb

IpTables as in a firewall?

The main idea behind this IPTable firewall it to deny \ allow access to the network \ server from remote areas. We need to decline access to the network to a wireless access user that should not be able to use our server for the internet. Do you have a way that might help Pizentios?

Thanks

Quote:

Originally posted by tempest@Nov 16 2004, 02:11 PM
Add to top of all pages...

:

<?php * *include("ipCheck.php"); ?>

ipCheck.php

:

$ips = array("127.0.0.1", * * * * * * * * * "0.0.0.0"); $access = 0; foreach($ips as $col => $ip) * *if($_SERVER['REMOTE_ADRR'] == $ip) { * * * *$access = 1; * * * *break; * *} if(!$access) { * *header("HTTP/1.0 403 Not Authorized"); * *die(); }

Is it possible to include this in a Firewall config file?

You'll have to write something that calls the firewall admin screen and gets the information you need with custom HTTP headers sent by your PHP application. This is a fairly complex procedure, i dont think that can be dropped in a firewall config file unless the firewall allows you to include PHP in some odd way, which is doubtful. There are ways to do this but its extremely complicated and takes hours to do...

Quote:

Originally posted by zdb@Nov 18 2004, 04:45 AM
The main idea behind this IPTable firewall it to deny \ allow access to the network \ server from remote areas. We need to decline access to the network to a wireless access user that should not be able to use our server for the internet. Do you have a way that might help Pizentios?

Thanks

What about using public and private keys. Only problem with that is that thew users will have to have they're own public key on what ever computer that they want to use.

Add to top of all pages...

<?php

  include("ipCheck.php");

?>

ipCheck.php

// * is random... you get the idea

$ips = "192.168.1.*";



$access = 1;

$rm = explode(".", $_SERVER['REMOTE_ADDR']);

foreach(explode(".", $ips) as $col => $ip) {

  if($ip != "*")

    if($ip != $rm[$col]) $access = 0;

}





if(!$access) {

  header("HTTP/1.0 403 Not Authorized");

  die();

}

Quote:

Originally posted by tempest@Nov 18 2004, 01:05 PM
You'll have to write something that calls the firewall admin screen and gets the information you need with custom HTTP headers sent by your PHP application. This is a fairly complex procedure, i dont think that can be dropped in a firewall config file unless the firewall allows you to include PHP in some odd way, which is doubtful. There are ways to do this but its extremely complicated and takes hours to do...

If it is not possible to add php to my firewall scripts, then how else should I approach it?

I need to be able to deny access to certain remote users to our Server. This would mean that they may not access anything outside their own pc (via our Server anyway) unless the script redirects them.

I suppose I could use Java \ Kylix then to interact with the IPTables and manage whoever gets on and off our net using packet filtering? I just thougt it would be easier to set up a script in the IPTable configs.

Will my Java \ Delphi (Kylix) approach work, I wonder. Can't see why not. I can do it in Windows and compile to Linux right? Well I'll give it a try then. Tx, Adios