From owner-freebsd-questions@FreeBSD.ORG  Fri Nov 30 10:11:19 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 449001DE
 for <freebsd-questions@freebsd.org>; Fri, 30 Nov 2012 10:11:19 +0000 (UTC)
 (envelope-from hello@greenasia1.com)
Received: from mail1114.elasticemail.info (mail1114.elasticemail.info
 [176.31.7.114]) by mx1.freebsd.org (Postfix) with SMTP id A421F8FC12
 for <freebsd-questions@freebsd.org>; Fri, 30 Nov 2012 10:11:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; bh=rs9ync4TGhQMdDzZfS3Eab6U/3c=;
 c=relaxed/relaxed; d=greenasia1.com; s=api;
 h=DomainKey-Signature:MIME-Version:Subject:Date:From:Reply-To:To:List-Unsubscribe:Message-ID:Content-Type;
 b=gJTv6Hrp8Wow6zCrCyxp0fou/qyy01MQFO615w2IPFhWlWCw3VySXGZSBJf15ns16XELGgNC7Ag4K7tjmTGTC4ucSzU6s7fMfMt2i9mEExatPNJKFda7CCNQJCKPV2MtvCGG6xxqAw/tuXVbz/nQfBMp99+0Aonh7/7QoWGrBeE=
DomainKey-Signature: q=dns; a=rsa-sha1; c=simple; d=greenasia1.com; s=api;
 h=MIME-Version:X-Mailer:X-Priority:Subject:Date:From:Reply-To:To:List-Unsubscribe:Message-ID:Content-Type;
 b=ZGJusJi0dS9gqdEJLyHs1tXjM8kFGswyXNnzXP3HPAnx0//2td8tWGQu6e0QlXxF1Eq5oWuoi9B9N1HBWUwJ/X2sxZTy6x4b8yRclAvOcDg0IGgX8vOZ27wMZ4a8X8En5EM7eltdjHnNw8uNHAfwxPxoUJV8IGt1H16NBE/iSVg=
MIME-Version: 1.0
X-Mailer: api.greenasia1.com
X-Priority: 3 (Normal)
Subject: Paperless bills from GreenPost
Date: Fri, 30 Nov 2012 10:01:15 +0000
From: "GreenPost" <hello@greenasia1.com>
To: freebsd-questions@freebsd.org
Message-ID: <4tngsk22ek5c.ln501r-fxopdo40@api.greenasia1.com>
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: base64
X-Content-Filtered-By: Mailman/MimeDel 2.1.14
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: GreenPost <hello@greenasia1.com>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2012 10:11:19 -0000

WW914oCZcmUgcmVjZWl2aW5nIHRoaXMgZW1haWwgYmVjYXVzZSB5b3UgcmVxdWVzdGVkIHRvIGJl
IG5vdGlmaWVkIGFib3V0IEdyZWVuUG9zdC4gSWYgeW91IGRvIG5vdCB3YW50IHRvIHJlY2VpdmUg
YW55IG1vcmUgbmV3c2xldHRlcnMsIHBsZWFzZSB1bnN1YnNjcmliZSBmcm9tIHRoaXMgbGluayAN
CiAgDQogSW50cm9kdWNpbmcgbmV3IGFuZCBpbm5vdmF0aXZlIEdyZWVuUG9zdCEgDQogIA0KIEdy
ZWVuUG9zdCBpcyBhIHNtb290aCwgcGFwZXJsZXNzIGJpbGwgYWdncmVnYXRpb24gc3lzdGVtIHRo
YXQgZW5hYmxlcyB5b3UgdG8gbWFuYWdlIGFsbCB5b3VyIGJpbGxzIGFueXdoZXJlIGFueXRpbWUh
IA0KICANCiBTaW5nbGUgbG9naW4sIFNheSBnb29kYnllIHRvIOKAmGxvZ2luIGZhdGlndWXigJkg
DQogR3JlZW5Qb3N0IHJldHJpZXZlcywgb3JnYW5pc2VzIGFuZCBzdG9yZXMgeW91ciBiaWxscyBh
dXRvbWF0aWNhbGx5IGZvciB5b3UuIA0KIEF2b2lkIHRoZSBzdHJlc3Mgb2YgbGF0ZSBmZWVzIGFu
ZCBodW50aW5nIGZvciB5b3VyIGJpbGxzLiANCiBQZXJzb25hbGl6ZWQgYmlsbCByZW1pbmRlcnMs
IHVzZWZ1bCBzcGVuZGluZyBjaGFydHMgYW5kIGF3YXJkZWQgbW9iaWxlIGFwcHMgDQogV2hldGhl
ciBhdCB3b3JrLCBjb21tdXRpbmcsIG92ZXJzZWFzIG9yIG9uIHRoZSBjb3VjaCwgeW91ciBiaWxs
cyBhcmUgYWx3YXlzIHdpdGggeW91IG9uIEdyZWVuUG9zdCdzIGF3YXJkLXdpbm5pbmcgbW9iaWxl
IGFwcHMgDQogU2lnbiB1cCBub3cgDQogKiBjaGVjayBvdXQgbW9yZSBkZXRhaWxzIGF0IHd3dy5n
b2dyZWVucG9zdC5jb20NCg0KR3JlZW5Qb3N0IMK3IDQwMSBNYWNwaGVyc29uIHJvYWQgwrcgIzAy
LTA4IMK3IFNpbmdhcG9yZSAzNTAxMzEuDQpHcmVlblBvc3QgwqkgMjAxMiANCiA=
From owner-freebsd-questions@FreeBSD.ORG  Fri Nov 30 10:32:57 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 59C1E614;
 Fri, 30 Nov 2012 10:32:57 +0000 (UTC)
 (envelope-from steve@sohara.org)
Received: from uk1rly2283.eechost.net (relay01a.mail.uk1.eechost.net
 [217.69.40.75])
 by mx1.freebsd.org (Postfix) with ESMTP id 132E38FC0C;
 Fri, 30 Nov 2012 10:32:56 +0000 (UTC)
Received: from [31.186.37.179] (helo=smtp.marelmo.com)
 by uk1rly2283.eechost.net with esmtpa (Exim 4.72)
 (envelope-from <steve@sohara.org>)
 id 1TeNud-00008s-0J; Fri, 30 Nov 2012 10:33:39 +0000
Received: from [172.16.12.2] (helo=macbookpro06374.sportex.com)
 by smtp.marelmo.com with smtp (Exim 4.80.1 (FreeBSD))
 (envelope-from <steve@sohara.org>)
 id 1TeNtt-0008BM-G3; Fri, 30 Nov 2012 10:32:53 +0000
Date: Fri, 30 Nov 2012 10:32:51 +0000
From: Steve O'Hara-Smith <steve@sohara.org>
To: Eugen Konkov <kes-kes@yandex.ru>
Subject: Re: Re[2]: How to allow httpd to run 'ipfw table 7 add ... '
Message-Id: <20121130103251.b3415efe.steve@sohara.org>
In-Reply-To: <312952428.20121129230308@yandex.ru>
References: <8310543741.20121129054846@yandex.ru>
 <BA4D4ADD-3E5A-4719-B3B0-1D90B7E7CCAA@fisglobal.com>
 <20121129193835.8896ea0d.steve@sohara.org>
 <312952428.20121129230308@yandex.ru>
X-Mailer: Sylpheed 3.1.0 (GTK+ 2.24.0; i386-apple-darwin10.6.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Auth-Info: 15567@permanet.ie (plain)
Cc: Devin Teske <dteske@freebsd.org>, Devin Teske <devin.teske@fisglobal.com>,
 FreeBSD Questions <freebsd-questions@freebsd.org>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2012 10:32:57 -0000

On Thu, 29 Nov 2012 23:03:08 +0200
Eugen Konkov <kes-kes@yandex.ru> wrote:

> Здравствуйте, Steve.

> SOHS>         The only problem with this is it will allow apache to
> SOHS> do anything with ipfw including flush all of the rules. I would
> SOHS> suggest having apache dumping the parameters of the command to
> SOHS> be run into a queue of some kind (named pipe perhaps or a file
> SOHS> based queue if it's important to survive shutdowns) and have a
> SOHS> process reading the queue, sanity checking the parameters and
> SOHS> then executing the appropriate command.
> 
> maybe:
> apache host=(root) NOPASSWD: /my/script/add_table.pl
> apache host=(root) NOPASSWD: /my/script/del_table.pl
> 
> this will restrict apache to run only add/del tasks with table.
> what do you think?

	That also works. I have a slight preference for queue based approaches but that's just me really.

-- 
Steve O'Hara-Smith <steve@sohara.org>