I wrote an application that allows non-root users to very selectively modify a single iptables chain (one chain per user). To this chain a user can add only the IP address to ignore; every other field is handled by the application. The IP address is checked so that it contains only digits, periods, and slashes (for CIDR notation); anything else and the program exits.
Quake 3 Tables v0.1.1 (A wrapper to allow controlled access to iptables for remedial editing of a single table):
Usage: q3tables -a <IP> - Add an IPv4 address to the deny list
q3tables -d <IP> - Delete an IPv4 address from the deny list
q3tables -f - Flush the deny list
q3tables -l - List all IPv4 addresses in the deny list
This programs requires an iptables chain 'q3_filter_<UID>' to exist for each user.
Quake 3 Tables v0.1.1 #1 Tue Nov 6 05:20:27 PST 2007 (Linux cogburn.404ster.com 2.6.22-gentoo-r5 #4 SMP Mon Sep 24 00:26:22 PDT 2007 i686 Intel(R) Xeon(TM) CPU 2.40GHz GenuineIntel GNU/Linux)
Quake 3 Tables --
Copyright 2005-2007 Jeff Walter <jeff@404ster.com>
This program is free software; you can redistribute it and/or
modify it under the terms of version 2 of the GNU General
Public License as published by the Free Software Foundation
You can download the source tarball from my project page. If you or your server owner have questions, please let me know.
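The address check described in the opening paragraph, as an added C example that is not q3tables' own code: charset_ok is the digits/periods/slashes allow-list, which on its own still passes strings such as 1/2/3 or 999.1.1.1, and parse_ipv4_cidr is a stricter parse layered on top of it. The function names, the /32 default and the canonical output form are assumptions made for this example.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The allow-list described above: only digits, periods and slashes. */
static int charset_ok(const char *s)
{
    return *s != '\0' && s[strspn(s, "0123456789./")] == '\0';
}

/* Stricter check (an assumption, not taken from q3tables): one dotted quad plus
 * an optional /0../32 prefix. Writes "a.b.c.d/nn" to out; returns 0 on success. */
static int parse_ipv4_cidr(const char *s, char *out, size_t outlen)
{
    char addr[INET_ADDRSTRLEN];
    struct in_addr ip;
    long prefix = 32;                      /* assumed default for a bare address */
    const char *slash = strchr(s, '/');
    size_t alen = slash ? (size_t)(slash - s) : strlen(s);
    int n;

    if (!charset_ok(s) || alen == 0 || alen >= sizeof(addr))
        return -1;
    memcpy(addr, s, alen);
    addr[alen] = '\0';
    if (inet_pton(AF_INET, addr, &ip) != 1)    /* rejects 999.1.1.1 and 1.2.3 */
        return -1;
    if (slash) {
        size_t plen = strlen(slash + 1);
        if (plen < 1 || plen > 2 || strspn(slash + 1, "0123456789") != plen)
            return -1;                         /* rejects "/", "/2/3", "/." */
        prefix = strtol(slash + 1, NULL, 10);
        if (prefix > 32)
            return -1;
    }
    n = snprintf(out, outlen, "%s/%ld", inet_ntoa(ip), prefix);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the page. */
    const char *samples[] = { "10.0.0.0/8", "192.0.2.7", "999.1.1.1", "1.2.3.4/33", "1/2/3", "..//" };
    char buf[32];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s charset=%d strict=%s\n", samples[i], charset_ok(samples[i]),
               parse_ipv4_cidr(samples[i], buf, sizeof(buf)) == 0 ? buf : "rejected");
    return 0;
}
```

Passing the canonical string on to iptables, rather than the raw argument, means the value that reaches the rule is the one that was actually validated.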