From: Aristedes Maniatis
Date: Wed, 20 Apr 2005 23:20:48 +1000
To: Scott Robbins
cc: freebsd-stable@freebsd.org
Subject: Remote firewall changes, Was: Newbie Question About System Update
List-Id: Production branch of FreeBSD source code

On 20/04/2005, at 6:05 AM, Scott Robbins wrote:

> (And of course the obvious--DO NOT shut down the sshd daemon.) :)
>
> Ok, everyone who has NEVER ever made that mistake (or locked themself
> out with a firewall rule, accidentally putting it into effect before
> testing) raise their hand. :)

Yes, that would be me. But someone taught me a great trick...the "at"
command. So, just before you blow away your access with changes to ipfw,
do this:

    echo "ipfw add 1 pass all from any to any" | at now +10 minutes

Then if all goes OK, use atq to remove the queue item. If not, wait 10
minutes...

Ari Maniatis

-------------------------->
ish group
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001 fax +61 2 9550 4001
PGP fingerprint 08 57 20 4B 80 69 59 E2 A9 BF 2D 48 C2 20 0C C8
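
The trick in the message above, written as a wrapper (an added example, not part of the original message): it queues the rescue rule with at, runs the firewall change, and removes the queued job with atrm only after a typed confirmation. The function names, the AT/ATRM/IPFW override variables, the path in the usage comment and the "Job N ..." line expected from at are assumptions of this example.

```shell
#!/bin/sh
# Added example: dead-man's switch around a remote ipfw change.
# AT, ATRM and IPFW are overridable (assumption of this example) so the
# logic can be exercised without root or a live firewall.
: "${AT:=at}" "${ATRM:=atrm}" "${IPFW:=ipfw}"

# Queue the rescue rule from the message; print the at job id on stdout.
arm_rescue() {
    minutes=${1:-10}
    out=$(echo "$IPFW add 1 pass all from any to any" |
          $AT now + "$minutes" minutes 2>&1) || return 1
    # Assumption: at reports a line starting "Job N" or "job N".
    job=$(printf '%s\n' "$out" |
          sed -n 's/^[Jj]ob \([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -z "$job" ]; then
        echo "could not parse at job id from: $out" >&2
        return 1
    fi
    echo "$job"
}

# safe_apply MINUTES COMMAND [ARGS...]
# Runs COMMAND only once the rescue job is queued. The job is removed
# only when "yes" arrives on stdin; a dead session never sends it, so
# the rescue rule fires on schedule.
safe_apply() {
    minutes=$1; shift
    job=$(arm_rescue "$minutes") || {
        echo "rescue not armed; nothing changed" >&2; return 2; }
    echo "rescue job $job fires in $minutes minutes" >&2
    if ! "$@"; then
        echo "change command failed; rescue job $job left armed" >&2
        return 1
    fi
    printf 'Still connected? Type "yes" to cancel job %s: ' "$job" >&2
    read -r answer || answer=
    if [ "$answer" = yes ]; then
        $ATRM "$job"
    else
        echo "not confirmed; rescue job $job left armed" >&2
        return 1
    fi
}

# Usage (hypothetical path): sh thisfile apply 10 sh /etc/ipfw.rules
if [ "${1:-}" = apply ]; then shift; safe_apply "$@"; fi
```

If the job does fire, rule 1 keeps passing all traffic until it is deleted (`ipfw delete 1`), so a fired rescue leaves the firewall open until the ruleset is fixed.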