I need for support personnel to be able to open firewall holes via the web. I know this is a permissions nightmare but I have to do it. I have gotten as far as creating a Perl program which can do it, but when I run an iptables-restore command from a Perl script run from Apache through the web I get:
FATAL: Module ip_tables not found. ...
iptables-restore v1.4.3.1:
iptables-restore: unable to initialize table 'filter' ...
I use iptables all the time on this box but apparently without needing the ip_tables module. If I run the same script from the console as root there is no problem. Any help is appreciated.
I would deploy WebMin for this.
I would suggest running the Perl script using lighttpd or something similar that will be set up to run as root rather than Apache, and also listen on a non-standard port like 12345.
Here is a howto on configuring lighttpd with Perl: http://www.cyberciti.biz/tips/lighttpd-howto-setup-cgi-bin-access-for-perl-programs.html
Also, don't forget to comment out server.username and server.groupname in lighttpd.
To make the security a little better, it would be good to introduce at least HTTP authentication and limit the IPs that can access this port.
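
The lighttpd setup suggested in the reply above, sketched as a configuration fragment. This is an added example, not part of the original post: the document root, the htdigest file path, the realm name and the 192.0.2.0/24 support subnet are assumptions to replace with local values.

```conf
# lighttpd.conf fragment (added example; paths, realm and subnet are assumed)

# On lighttpd 1.4.42 and later the htdigest backend is in mod_authn_file,
# so add "mod_authn_file" to this list on those versions.
server.modules += ( "mod_access", "mod_auth", "mod_cgi" )

server.document-root = "/srv/fwadmin/htdocs"   # assumed location
server.port          = 12345                   # non-standard port from the reply

# Left commented out so lighttpd does not drop privileges and the CGI
# inherits root from the process that started the server.
# server.username  = "lighttpd"
# server.groupname = "lighttpd"

# Run only .pl files through Perl.
cgi.assign = ( ".pl" => "/usr/bin/perl" )

# HTTP digest authentication for everything under /cgi-bin/.
auth.backend                   = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/fwadmin.htdigest"  # assumed path
auth.require = (
    "/cgi-bin/" => (
        "method"  => "digest",
        "realm"   => "fwadmin",       # assumed realm, must match the htdigest file
        "require" => "valid-user"
    )
)

# Refuse every request that does not come from the support subnet.
$HTTP["remoteip"] != "192.0.2.0/24" {
    url.access-deny = ( "" )
}
```

Running `lighttpd -t -f` against the full configuration file checks the syntax before the server is restarted.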