Using iptables without root privileges

AlexR asked:

When running the following script as user ec2-user, I get the error message iptables v1.4.18: can't initialize iptables table filter: Permission denied (you must be root)

Script:

#!/bin/sh
# Offending IP as detected by mod_evasive
# Add the following firewall rule (block IP)
$IPTABLES -I INPUT -s $IP -j DROP

How can I run iptables as a non-root user to block a IP address?

NB: This script is usually called by mod_evasive

My answer:


Set the setuid bit on the script, so that it always runs as root.

chown root myscript
chmod u+s myscript

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.