Turn off ports using iptables via a web-based front-end

Q I'm using a Red Hat 9 server as my router and iptables to shut down all unnecessary ports, but sometimes I want to turn off two additional ports using a web page interface, while keeping the existing rules in place. I figured PHP was the best item to use, but since I've never really used PHP I was hoping this would be a simple question for an experienced programmer. How do I do it?

A Modifying iptables rules can be done easily through PHP using the system() function, which executes a system binary. However, this would require the web server to run as root, which is pretty insecure: any flaw in the web service could then compromise the whole system. You may want to look at a firewall system that gives you a graphical interface to your iptables rules, such as Astaro, ClarkConnect or SmoothWall. Depending on exactly what you want to do with the ports you open, a technology that permits VPN access to the network, such as OpenVPN or IPsec, may be a better alternative than opening the Linux system up to possible security breaches.
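A narrower arrangement than running the whole web server as root, as an added example that is not part of the original answer: a small root-owned helper accepts only `open` or `close` for two allowlisted ports and touches only its own chain, so the existing rules stay in place. It assumes the web server user may run this one script (for instance through a single sudo entry) and that PHP calls it with the action and port as separate arguments; the ports, the chain name `WEBTOGGLE` and the paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: root-owned helper that a web front end calls instead of
# running iptables itself. Ports, chain name and paths are constructed.
ALLOWED_PORTS="8080 8443"  # the only two ports the web page may toggle
CHAIN="WEBTOGGLE"          # hypothetical chain, reached by a jump from INPUT
IPTABLES="/sbin/iptables"

# Print the iptables arguments for a request, or fail without printing.
# Every word of the output comes from constants in this file; the caller's
# input is only compared against them, never copied into the command.
build_rule() {
    action=$1
    port=$2
    case "$action" in
        close) flag="-I" ;;  # insert a DROP rule for the port
        open)  flag="-D" ;;  # delete that DROP rule again
        *)     return 2 ;;   # anything else (flush, -F, ...) is refused
    esac
    for p in $ALLOWED_PORTS; do
        if [ "$port" = "$p" ]; then
            printf '%s\n' "$flag $CHAIN -p tcp --dport $p -j DROP"
            return 0
        fi
    done
    return 3                 # port not on the allowlist
}

# Validate, then apply the rule (or just print it when DRY_RUN=1).
toggle_port() {
    rule=$(build_rule "$1" "$2") || {
        echo "rejected request: action='$1' port='$2'" >&2
        return 1
    }
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$IPTABLES $rule"
    else
        # Unquoted on purpose: $rule holds only the constant words above.
        $IPTABLES $rule
    fi
}

# Run only when called with arguments, e.g.: webtoggle close 8080
if [ "$#" -gt 0 ]; then
    toggle_port "$@"
fi
```

Set `DRY_RUN=1` to see the command the helper would run without changing the firewall.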
