satanklawz has asked for the wisdom of the Perl Monks concerning the following question:

Greetings- I'm piddling (no, I don't think that is a word :P) with a script that'll automate iptables rules for cron jobs and a webpage authentication scheme(tm).

The question is this:
I've taken a gander at the implementation that theo@crazygeek.com has come up with but am not secure enough to use it just yet (I'm not dissing the plugin, just not comfortable with alpha code... even my own :P). So is my implementation to be best executed through sudo or suid?

Just asking for some advice. Personally, I'm leaning towards using sudo.
thx muchos

janitored by ybiC: Retitled from "iptables" for better search results

Re: iptables rules, cron, web auth
by Zaxo (Archbishop) on Aug 13, 2002 at 02:51 UTC

    Root's cronjobs will run as root. I'm uncertain what webspace authentication has to do with the problem.

    I'd be more comfortable if I knew what sort of rule mangling you propose. Most firewall setups rely on restrictive defaults, prepending rules to permit what is permitted. When done dynamically, it is usually part of the 'up' and 'down' -interface (or daemon) scripting. That is commonly done with /bin/sh so that only the root partition is needed to configure. That is a repairability issue.

    Node posted through lynx, watch me pound two rocks together!

    After Compline,
    Zaxo

      I'm working on a web-based authentication thing for people on a WLAN. When they successfully log in, they can surf freely. So, in the background, Perl needs to update the iptables rulesets.
        I see a problem:
        Your webserver should be running as nobody. Nobody does not have permissions to run iptables. Giving nobody permission makes me leery that you'll be opening up other security issues.

        Neil Watson
        watson-wilson.ca

      Just a note for other people who might have a similar problem.

      I didn't wind up using perl sudo, too many means and methods for remote exploits. I just installed and am using sudo. The purpose was for clients to log into a webpage; once logged in, the script would add an iptables rule to let their traffic go through. Tis all, easy enough.
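
Added example, not code from any poster in this thread: one way to keep the sudo grant discussed above narrow is to let the web server account run a single root-owned wrapper that validates its one argument before touching iptables. The wrapper path, the chain name `WLAN_AUTH`, the `DRY_RUN` switch and the sudoers line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Root-owned wrapper for sudo.
# Assumptions: installed as /usr/local/sbin/wlan-allow, chain WLAN_AUTH exists,
# web server runs as "nobody", and sudoers grants that user only:
#   nobody ALL=(root) NOPASSWD: /usr/local/sbin/wlan-allow
# The CGI calls it without a shell, e.g. in Perl:
#   system('sudo', '/usr/local/sbin/wlan-allow', $client_ip);

CHAIN="WLAN_AUTH"          # hypothetical chain of per-client ACCEPT rules
IPTABLES="/sbin/iptables"  # absolute path, never the caller's PATH

# Succeed only for a dotted-quad IPv4 address, octets 0..255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest=$1
    count=0
    while :; do
        octet=${rest%%.*}
        case "$octet" in
            0?*|????*) return 1 ;;   # ambiguous leading zero or too long
        esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        if [ "$rest" = "$octet" ]; then break; fi
        rest=${rest#*.}
    done
    [ "$count" -eq 4 ]
}

# Validate, then prepend one ACCEPT rule. DRY_RUN=1 prints the command instead.
allow_client() {
    if ! valid_ipv4 "$1"; then
        echo "wlan-allow: rejected argument" >&2
        return 2
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$IPTABLES -I $CHAIN -s $1 -j ACCEPT"
        return 0
    fi
    # -C tests for an identical rule so repeat logins do not add duplicates.
    "$IPTABLES" -C "$CHAIN" -s "$1" -j ACCEPT 2>/dev/null ||
        "$IPTABLES" -I "$CHAIN" -s "$1" -j ACCEPT
}

# Act only when given an argument, so the file can also be sourced for testing.
if [ "$#" -gt 0 ]; then
    [ "$#" -eq 1 ] || { echo "usage: wlan-allow <ipv4>" >&2; exit 64; }
    allow_client "$1"
fi
```

Because the sudoers entry names only the wrapper, the web server account never gets a general iptables or shell grant, and anything other than a plain IPv4 address is refused before iptables runs.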