[CentOS] Apache Changing IPtables C 5.6 via Apache

[Kenneth Porter]

--On Sunday, August 21, 2011 2:51 AM +0100 Always Learning 
<centos at u61.u22.net> wrote:

> I am acutely conscious of being locked-out. I can get in remotely via
> the console. However the very first entries in every server's iptables
> have always been to allow 3 static IPs access. 3test comes later on in
> the sequence, ensuring what happens there should never lock me out.

To reduce the attack surface, create a script that can only update that 
subtable with a supplied IP address and then invoke it by sudo.