一.确定php的sysem等函数可用
二.编写c程序,如ipt.c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
int main()
{
uid_t uid ,euid;
uid = getuid() ;
euid = geteuid();
if(setreuid(euid, uid)) //交换这两个id
perror("setreuid");
system("/sbin/iptables -nL --line-number"); //执行iptables -L命令
return 0;
}
编译
gcc -o ipt -Wall ipt.c
赋予权限:
chmod u+s ipt
php调用:
system("/scripts/ipt",$retval);
三.携带参数
ipt_accept.c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
int main(int agrc,char* argv[])
{
uid_t uid ,euid;
uid = getuid() ;
euid = geteuid();
if(setreuid(euid, uid)) //交换这两个id
perror("setreuid");
char buf[500];
sprintf(buf,"iptables -A INPUT -p tcp -s %s --dport 3306 -j ACCEPT",argv[1]);
system(buf); //执行iptables -L命令
return 0;
}
编译
gcc -o ipt_accept -Wall ipt_accept.c
赋予权限:
chmod u+s ipt_accept
php调用:
system("/scripts/ipt_accept " . $ip,$retval);