Remote firewall changes, Was: Newbie Question About System Update
dtalk-ml at prairienet.org
Wed Apr 20 07:49:03 PDT 2005
Aristedes Maniatis wrote:
>> Ok, everyone who has NEVER ever made that mistake (or locked themself
>> out with a firewall rule, accidentally putting it into effect before
>> testing) raise their hand. :)
>
> Yes, that would be me. But someone taught me a great trick...the "at" command.
> So, just before you blow away your access with changes to ipfw, do this:
>
> echo "ipfw add 1 pass all from any to any" | at now +10 minutes
>
> Then if all goes OK, use atq to remove the queue item. If not, wait 10
> minutes...
Why not just include an allow rule for a handful of management addresses
in set 31? That's been pretty close to idiot-proof for me, and has
definitely saved my bacon.
--
David Talkington
dtalk-ml at prairienet.org
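The two safety nets discussed in this thread (a timed rescue rule queued with at, and management allow rules kept in set 31), combined in one sh sketch. This is an added example, not code from either poster; the management addresses, rule numbers, function names and the DRY_RUN switch are assumptions, and with DRY_RUN=1 the commands are only printed.

```shell
#!/bin/sh
# Added example (not from the thread): guard a remote ipfw change with both
# safety nets. With DRY_RUN=1 (the default) commands are printed, not executed.
DRY_RUN="${DRY_RUN:-1}"
# Constructed management addresses (documentation ranges); replace with yours.
MGMT_ADDRS="${MGMT_ADDRS:-192.0.2.10 198.51.100.7}"
RESCUE_RULE="ipfw add 1 pass all from any to any"   # rule quoted in the thread

# Print allow rules (both directions) per management address, placed in set 31.
# Per ipfw(8), set 31 cannot be disabled and its rules survive "ipfw flush".
mgmt_rules() {
    n=10                                   # assumed starting rule number
    for addr in $MGMT_ADDRS; do
        echo "ipfw add $n set 31 allow ip from $addr to me"
        echo "ipfw add $((n + 1)) set 31 allow ip from me to $addr"
        n=$((n + 2))
    done
}

# Extract the job number from at(1)'s confirmation text.
# Handles "Job 7 will be executed using /bin/sh" and "job 7 at <date>".
parse_job_id() {
    printf '%s\n' "$1" | sed -n 's/^[Jj]ob \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Queue the rescue rule N minutes out and print the at job id on stdout.
arm_rollback() {
    minutes="$1"
    if [ "$DRY_RUN" = 1 ]; then
        echo "echo \"$RESCUE_RULE\" | at now + $minutes minutes" >&2
        out="Job 0 will be executed using /bin/sh"   # constructed sample reply
    else
        out=$(echo "$RESCUE_RULE" | at now + "$minutes" minutes 2>&1)
    fi
    parse_job_id "$out"
}

# Cancel the pending rescue job once the new rules are confirmed working.
# atq only lists the queue; atrm removes a job by id.
disarm_rollback() {
    if [ "$DRY_RUN" = 1 ]; then echo "atrm $1"; else atrm "$1"; fi
}

# Dry-run walk-through of the order of operations.
if [ "$DRY_RUN" = 1 ]; then
    mgmt_rules
    job=$(arm_rollback 10)
    echo "# apply and test the new ruleset here, then:"
    disarm_rollback "$job"
fi
```

If the session dies after the change, the queued job inserts the rescue rule at position 1 when the timer expires; if the change works, disarm_rollback removes the job before it fires.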