Last Updated | Ratings | Unique User Downloads | Download Rankings |
---|---|---|---|
2009-07-01 (7 years ago) | Not enough user ratings | Total: 549 | All time: 5,248 This week: 1,045 |

Version | License | PHP version | Categories |
---|---|---|---|
phphilter 0.1 | GNU General Publi... | 5.0 | HTTP, PHP 5, Unix, Security |
Description | Author |
This class can be used to grant access to remote users using iptables. Innovation Award
PhPhilter grant access to remote server/port via iptables packet filtering
==========================================

Version 0.1 (June 2009)

This class can allow or deny access to a specific port via the *nix 'iptables' command.
I developed this class because I have an application running under Tomcat on port 9521, and there is no way for me to use an Apache 'htaccess' method to manage access to this port.
With this script I have created a web page that redirects browser requests to the Tomcat server. For every granted access, a rule allowing access to port 9521 is inserted into my firewall list.
A user can be enabled by user/password or by IP.

Installation:

- copy the class.phphilter.php and auth.php scripts to a web-accessible folder.
- change the auth.php redirect URL to your application. Rename auth.php to index.php if you like.
- enable the Apache user to run 'iptables' with sudo and without a password request, by editing /etc/sudoers and adding a row with:

    wwwrun ALL= PASSWD:ALL, NOPASSWD: /usr/sbin/iptables

  Be aware that the Apache user could be different from 'wwwrun', and the 'iptables' pathname could be different too.
- edit class.phphilter.php and adjust some values:

    _IPTABLES     check whether the 'sudo' and 'iptables' commands need to be changed
    _CHAIN        firewall CHAIN (default 'INPUT')
    _PORT         set to the port value
    _HOST_ALLOW   insert all fixed IP values that are granted access without a user/password request, comma separated. You can put here a single IP value or an IP range (i.e. '195.110.135.42' or '195.110.135.128/25')
    _HOST_DENY    insert all IPs you deny access to, in the same way as _HOST_ALLOW
    $passwd       all user/password values

- configure your firewall by inserting a rule like this:

    iptables -A INPUT -p tcp --dport 9521 -j DROP

  so that at the next reboot all access to this port will be denied until users authenticate themselves. Here 'INPUT' is the same value as the '_CHAIN' class field and '9521' is the same value as the '_PORT' class field.

Example:

My initial firewall INPUT chain situation:

    admin@linux-peppe:~> sudo /usr/sbin/iptables -L INPUT -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:9521

After the first access from an authorized/authenticated user with IP 127.0.0.1 (localhost):

    admin@linux-peppe:~> sudo /usr/sbin/iptables -L INPUT -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  127.0.0.1            0.0.0.0/0           tcp dpt:9521
    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:9521

After the second access from an authorized/authenticated user with IP 10.98.61.138:

    admin@linux-peppe:~> sudo /usr/sbin/iptables -L INPUT -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  10.98.61.138         0.0.0.0/0           tcp dpt:9521
    ACCEPT     tcp  --  127.0.0.1            0.0.0.0/0           tcp dpt:9521
    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:9521

and so on.

Download: http://www.phpclasses.org

Giuseppe Lucarelli
giu.lucarelli@gmail.com

Enjoy!
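
The allow/deny lookup and the rule insertion that the README describes can be written so that only a validated IPv4 literal ever reaches the sudo'd command line. The following is an added example, not PhPhilter's own source: every constant and function name in it is hypothetical, and it assumes 64-bit PHP 7.4+ and an iptables build that supports `-C`.

```php
<?php
// Added example, not PhPhilter's own code; all names here are hypothetical.
const IPTABLES = 'sudo /usr/sbin/iptables'; // assumed to match the sudoers entry
const CHAIN = 'INPUT';
const PORT = 9521;

// True if IPv4 $ip equals $entry or lies inside the CIDR range $entry.
function ipMatches(string $ip, string $entry): bool
{
    [$net, $bits] = array_pad(explode('/', trim($entry), 2), 2, '32');
    $ipLong = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($bits) || (int)$bits > 32) {
        return false; // malformed entries never match
    }
    $mask = (int)$bits === 0 ? 0 : (~0 << (32 - (int)$bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

// $csv is a comma separated list in the style of _HOST_ALLOW / _HOST_DENY.
function inList(string $ip, string $csv): bool
{
    $hits = array_filter(explode(',', $csv), fn($e) => ipMatches($ip, $e));
    return count($hits) > 0;
}

// Build the iptables command line; anything that is not an IPv4 literal is rejected.
function acceptRule(string $ip, string $action): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new InvalidArgumentException('not an IPv4 address');
    }
    return sprintf('%s %s %s -p tcp -s %s --dport %d -j ACCEPT', IPTABLES, $action, CHAIN, escapeshellarg($ip), PORT);
}

function grant(string $ip): bool
{
    // -C exits 0 if the rule already exists, so repeated logins add no duplicates.
    exec(acceptRule($ip, '-C') . ' 2>/dev/null', $out, $status);
    if ($status !== 0) {
        exec(acceptRule($ip, '-I'), $out, $status); // -I inserts above the DROP rule
    }
    return $status === 0;
}

// Constructed demo values: the allow list is the README's example, the client is made up.
$client = '195.110.135.200';
if (!inList($client, '') && inList($client, '195.110.135.42,195.110.135.128/25')) {
    echo acceptRule($client, '-I'), "\n"; // grant($client) would apply it
}
```

In a web request the address would come from `$_SERVER['REMOTE_ADDR']`; a client-supplied header such as `X-Forwarded-For` should not be used as the source for a firewall rule.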
Files |
File | Role | Description |
---|---|---|
auth.php | Example | sample script to run phphilter class |
class.phphilter.php | Class | class script source |
README | Doc. | documentation file |
Pages that reference this package |
CentOS firewall for the clueless wanted.. well, there are classes made to drive iptables, I thought... phpclasses.org... |