ClearFoundation

I've been considering ClearOS as a replacement for a SonicWall TZ100 in our Network. The primary application that runs behind the firewall is a Chat Server. The Chat Server has a webGUI for Administrator to edit user information etc. My inquiry is, can ClearOS Firewall rules be hosted on the MySQL Database on ClearOS? EG: If we wanted to ban a chatters IP address, can I create a PHP file on our Apache webserver to connect to ClearOS's MySQl Server and INSERT a row in a Firewall Rules table to avoid having to use the ClearOS GUI every time someone wanted to ban an IP address or a range of IP addresses?

Thanks!
Serenity

I considered another possible option, can I upload my own PERL or PHP file that I could send GET or POST requests to from our applications and allow the script to modify the iptables firewall?

You could populate custom entries in /etc/clearos/firewall.d/custom (the firewall should automatically restart when this file is changed)

I would highly advise setting up a separate chain for your user if you are going to be re-kicking the firewall all the time. This will allow you to flush the chain or add rules to it without upsetting the general table.

I was able to implement this a couple years ago; you could use a cron script to dump queued commands from MySQL but these methods will work on-the-fly.

You can do this two ways; the graceful and ideologically correct way is to manipulate the ClearOS API. I have no idea what changes have been made since 5.x but I would go out on a limb and say that this is all still possible with the 6.x API:

Remote Controlled Netfilter with ClearOS API

The brute force way may be much less secure but allows you to manipulate iptables directly:

Remote Controlled Netfilter with httpd, iptables and sudo

The other option - and this is my favourite - add a URI based rule to snort and redirect banned users to an address which triggers it.