Well if you are running nginx as a non root user. Then you need to add the following lines to /etc/sudoers
Defaults:nginx !requiretty
nginx ALL=(root) NOPASSWD: /sbin/iptables
The above is necessary because iptables can only be modified as root.
I can't dump the code here for my module because it's irrelevant, but you can basically use the system() command at this point to add an entry from IP tables.