iptables
Demaxler, 2015-12-23 21:19:06

Is it possible to create a rule in iptables for a while and how to make sure that there are no duplicate rules?

The point is this. A regular web page is created on which there is only one button. When this button is clicked, the real IP of the client is looked up by the PHP script and this IP is entered into an iptables rule to add access via SSH. For example:
<?php
// Address the request came from, as seen by the web server
$ip = $_SERVER["REMOTE_ADDR"];
// Quote the value before it goes into the shell command line
$arg = escapeshellarg($ip);
// Run iptables through sudo and capture its output (stderr merged into stdout)
$pop = popen("/usr/bin/sudo /sbin/iptables -A INPUT -p tcp -s $arg --dport 22 -j ACCEPT 2>&1", 'r');
$read = fread($pop, 2096);
pclose($pop);
echo $read;
?>
An example of a button is below, but it doesn't really matter anymore. When this script is called, a rule is created. Example:
Chain INPUT (policy ACCEPT 2 packets, 118 bytes)
pkts bytes target prot opt in out source destination
7 488 ACCEPT tcp -- * * 10.0.5.25 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 5 packets, 1060 bytes)
pkts bytes target prot opt in out source destination
But when this script is called again, the following happens:
Chain INPUT (policy ACCEPT 4 packets, 274 bytes)
pkts bytes target prot opt in out source destination
19 1072 ACCEPT tcp -- * * 10.0.5.25 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 10.0.5.25 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3 packets, 620 bytes)
pkts bytes target prot opt in out source destination
And there is also the question: how can access to the same SSH be given for, say, 2 hours, after which the rule is dropped? Or is it necessary to create separate scripts? For example, the time limit handled by a script in cron, and the duplicates handled by means of an if.
Thanks for the answer!
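One way to cover both parts of the question (no duplicate rules, and a rule that expires after 2 hours), as an added example that is not part of the original post: the grant function first looks for an existing allow rule for that address before appending, and records the expiry time in the rule's comment so a separate function, run from cron, can delete rules whose time has passed. It assumes root or sudo for the real iptables binary; the IPTABLES variable, chain name, TTL and the "ssh-grant" comment tag are my own choices.

```shell
#!/bin/sh
# Added example, not the original poster's code. Assumes iptables with the
# comment match module available and a cron entry calling expire_ssh_rules.
IPTABLES="${IPTABLES:-iptables}"   # overridable so it can be exercised without root
CHAIN="${CHAIN:-INPUT}"
TTL_SECONDS="${TTL_SECONDS:-7200}" # 2 hours

# Only a dotted-quad address may reach the command line; anything else is refused.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Returns 0 if an "ssh-grant" allow rule for this address already exists.
ssh_rule_exists() {
    $IPTABLES -S "$CHAIN" | grep -F -- "-s $1/32 " | grep -q 'ssh-grant expires='
}

# grant_ssh ADDRESS: add the allow rule unless one is already present.
# Exit status: 0 added, 1 duplicate (nothing done), 2 malformed address.
grant_ssh() {
    ip="$1"
    valid_ipv4 "$ip" || return 2
    ssh_rule_exists "$ip" && return 1
    expires=$(( $(date +%s) + TTL_SECONDS ))
    $IPTABLES -A "$CHAIN" -p tcp -s "$ip" --dport 22 \
        -m comment --comment "ssh-grant expires=$expires" -j ACCEPT
}

# expire_ssh_rules: delete every ssh-grant rule whose expiry time has passed.
# The delete repeats the exact spec of the add, which is what -D requires.
expire_ssh_rules() {
    now=$(date +%s)
    $IPTABLES -S "$CHAIN" | grep 'ssh-grant expires=' | while read -r line; do
        ip=$(printf '%s\n' "$line" | sed -n 's/.*-s \([0-9.]*\)\/32 .*/\1/p')
        exp=$(printf '%s\n' "$line" | sed -n 's/.*expires=\([0-9]*\).*/\1/p')
        [ -n "$ip" ] && [ -n "$exp" ] && [ "$exp" -le "$now" ] || continue
        $IPTABLES -D "$CHAIN" -p tcp -s "$ip" --dport 22 \
            -m comment --comment "ssh-grant expires=$exp" -j ACCEPT
    done
}
```

A cron line such as `*/5 * * * * root /usr/local/sbin/ssh-grant.sh expire` (path assumed) keeps the expiry running; the PHP side then only needs to call `grant_ssh` through sudo instead of invoking iptables directly.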
