I would like to implement iptables into my module, now I want to know if
I should even try to do this. I know the worker processes don’t run as
root but the master does. So this most likely means I would need to
utilize the system() command using the master process?
Is this the right way to go about this, or do I just need to stop
pursuing this and leave it to other stuff such as fail2ban?
If it’s possible to pursue I just need some quick guidance on how I
could achieve this.

Is there a way to detect if the module is quitting versus reloading? I
know how to tell if it’s quitting by attaching a method to the exit
process. But I cannot tell if it’s for a reload.

Well, if you are running nginx as a non-root user, then you need to add
the following lines to /etc/sudoers:

    Defaults:nginx !requiretty
    nginx ALL=(root) NOPASSWD: /sbin/iptables

The above is necessary because iptables can only be modified as root.
I can’t dump the code here for my module because it’s irrelevant, but
you can basically use the system() command at this point to add an entry
from IP tables.
Posted at Nginx Forum:
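
The approach described in the reply above passes a client-derived address to a root-capable command, so the address has to be validated and kept away from a shell. The following is an added example, not code from the original post or from nginx: it checks the address with inet_pton() and runs iptables through fork()/execv() with a fixed argument vector instead of system(). The function names, the /usr/bin/sudo path and the INPUT/DROP rule are assumptions, it handles IPv4 only, and it is stand-alone C that does not integrate with nginx's own child-process and signal handling.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define SUDO_PATH     "/usr/bin/sudo"   /* assumed location of sudo */
#define IPTABLES_PATH "/sbin/iptables"  /* path named in the sudoers rule */

/* Fill argv for "sudo -n iptables -I INPUT -s <ip> -j DROP".
 * Returns 0 on success, -1 if ip is not a plain IPv4 literal. */
int build_block_argv(const char *ip, const char *argv[], size_t argv_len)
{
    struct in_addr addr;

    if (ip == NULL || argv_len < 10)
        return -1;
    /* inet_pton accepts only a dotted-quad address, so shell
     * metacharacters, spaces and option-like text are rejected. */
    if (inet_pton(AF_INET, ip, &addr) != 1)
        return -1;

    argv[0] = SUDO_PATH;  argv[1] = "-n";   /* -n: never prompt */
    argv[2] = IPTABLES_PATH;
    argv[3] = "-I";  argv[4] = "INPUT";
    argv[5] = "-s";  argv[6] = ip;
    argv[7] = "-j";  argv[8] = "DROP";
    argv[9] = NULL;
    return 0;
}

/* Run the command without a shell. Returns its exit status, or -1. */
int block_ip(const char *ip)
{
    const char *argv[10];
    int status;
    pid_t pid;

    if (build_block_argv(ip, argv, 10) != 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                          /* child: no shell involved */
        execv(SUDO_PATH, (char *const *)argv);
        _exit(127);                          /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The sudoers rule quoted above lets the nginx user run /sbin/iptables with any arguments, so this validation limits what the module passes but not what a compromised worker could run.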