From: "James Bowman Sineath, III"
To: "Grant Peel"
Date: Sun, 4 Sep 2005 21:04:06 -0400
Subject: Re: IPFW lockout.

> Hi all,
>
> I have a small problem on one of my dev boxes. I have a bad bootup ipfw
> ruleset and I find myself locked out of the machine.
>
> There will be a technician at the NOC on Tuesday that will be able to
> assist me.
>
> My question is: Will he/she be able to simply reboot, logon as root as
> normal?
>
> - and then -
>
> disable IPFW in rc.conf ... or will the loopback rule not being present
> cause more mayhem than I think it will?
>
> -Grant

He should be able to log in without any problems.

On another note, in the future whenever you make changes to your system that could potentially lock you out, use crontab to disable them after a short amount of time. For example, when I was reconfiguring sshd, I crontab'ed 'killall sshd && sshd -f /root/sshd_config_old' and moved the default config file to my /root directory. Also, when playing with my ipfw rules, I crontab'ed 'ipfw disable firewall' for every 15 minutes until I got it working the way I wanted to.

Be VERY careful with this though. Don't use it and then forget to remove the lines from your /etc/crontab. Remove them as soon as you get it configured the way you want to. This is obviously a serious security risk, so don't use it very often. If you are worried about disabling your firewall, then create a small ipfw script to deny all connections except from your IP address and crontab that instead of 'ipfw disable firewall'. Also keep in mind that to enable your firewall again you will need to type 'ipfw enable firewall'.

Bow Sineath
Class of 2006, the Citadel
sineathj1@citadel.edu - bow.sineath@gmail.com
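
The "deny all connections except from your IP address" fallback suggested in the reply above, with a check for the leftover /etc/crontab entry it warns about, as an added example that is not part of the original message. The address 192.0.2.10, the rule numbers, the /root/ipfw_fallback.sh path and the ipfw-failsafe tag are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The admin address, rule numbers,
# script path and MARKER tag are hypothetical values chosen for illustration.
MARKER="ipfw-failsafe"

# Accept only a dotted-quad IPv4 address so nothing else reaches the ruleset.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the fallback ruleset: loopback, SSH to and from the admin address,
# and an explicit deny for everything else (instead of 'ipfw disable firewall').
fallback_rules() {
    valid_ipv4 "$1" || { echo "invalid admin IP: $1" >&2; return 1; }
    cat <<EOF
ipfw -q -f flush
ipfw -q add 100 allow ip from any to any via lo0
ipfw -q add 200 allow tcp from $1 to me 22
ipfw -q add 300 allow tcp from me 22 to $1
ipfw -q add 65000 deny ip from any to any
EOF
}

# Print the /etc/crontab line (system format, with the user field) that
# re-applies the fallback every 15 minutes, tagged so it can be found later.
failsafe_cron_line() {
    echo "*/15 * * * * root /bin/sh /root/ipfw_fallback.sh # $MARKER"
}

# List tagged lines still present in a crontab file. Exit status 0 means a
# failsafe is still scheduled and has to be removed once the rules are final.
stale_failsafe() {
    grep -n "$MARKER" "$1"
}

# Demo with a constructed documentation address (192.0.2.0/24, TEST-NET-1).
fallback_rules 192.0.2.10
failsafe_cron_line
```

Redirect the output of `fallback_rules` into the fallback script and append the `failsafe_cron_line` output to /etc/crontab before testing new rules; run `stale_failsafe /etc/crontab` afterwards to confirm the entry is gone.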