Just to clarify my earlier statement, a small quote from the article
True, it will only allow apache to run iptables as root, but then again anyone and his grandmother will be able to get apache/php to execute something like
apache ALL = (root) NOPASSWD: /sbin/iptables
This gives apache the ability to run the iptables command without the need for a password. Shock! Horror! Isn't that a security problem?
Well, not really, the addition allows apache to run iptables, and that's it, nothing else.
And the barn door is wide open for you..
iptables -I INPUT -s <your IP> -j ACCEPT
Not that it is impossible to implement some security measures, only allowing a certain host/interface to be the one executing the commands, but I'm just saying that relying on making a control interface for something as critical as the control of your firewall settings is asking for exploitable holes.
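As an added example (not code from the thread or from the article being discussed), one way to narrow what that sudoers grant hands to the web server: point the NOPASSWD entry at a wrapper that only ever inserts a DROP rule for a syntactically valid IPv4 address on one interface, rather than at /sbin/iptables itself. The wrapper path /usr/local/sbin/fw-block, the DROP-only policy and the eth0 default are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed sudoers line:
#   apache ALL = (root) NOPASSWD: /usr/local/sbin/fw-block
# The web server can then only call this script, which fixes every iptables
# argument except the validated source address. IPTABLES defaults to a dry-run
# echo so the logic can be exercised without root.
IPTABLES="${IPTABLES:-echo iptables}"
IFACE="${IFACE:-eth0}"

# valid_ipv4 ADDR: accept only a dotted quad with each octet in 0..255.
# Anything else (spaces, dashes, extra iptables options) is rejected.
valid_ipv4() {
  case "$1" in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  oldIFS=$IFS; IFS=.
  set -- $1
  IFS=$oldIFS
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] 2>/dev/null || return 1
  done
  return 0
}

# fw_block ADDR: insert a DROP rule for ADDR on IFACE, refusing anything else.
fw_block() {
  valid_ipv4 "$1" || { echo "fw-block: invalid address: $1" >&2; return 2; }
  # Only the validated address varies; the chain, interface and target are
  # hard-coded, so a caller cannot turn this into "-j ACCEPT" or any other rule.
  $IPTABLES -I INPUT -i "$IFACE" -s "$1" -j DROP
}
```

Run as `fw-block 203.0.113.7` (constructed sample address); with `IPTABLES=/sbin/iptables` in the script's environment it applies the rule instead of echoing it.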