From owner-freebsd-stable  Mon Aug  5  4:28:37 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9D41A37B400
	for <FreeBSD-stable@FreeBSD.ORG>; Mon,  5 Aug 2002 04:28:34 -0700 (PDT)
Received: from bast.unixathome.org (bast.unixathome.org [216.187.105.150])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2266C43E4A
	for <FreeBSD-stable@FreeBSD.ORG>; Mon,  5 Aug 2002 04:28:34 -0700 (PDT)
	(envelope-from dan@langille.org)
Received: from wocker (wocker.unixathome.org [192.168.0.99])
	by bast.unixathome.org (Postfix) with ESMTP
	id 30ADC3F28; Mon,  5 Aug 2002 07:28:33 -0400 (EDT)
From: "Dan Langille" <dan@langille.org>
To: Dmitry Morozovsky <marck@rinet.ru>
Date: Mon, 5 Aug 2002 07:30:36 -0400
MIME-Version: 1.0
Subject: making sure ipf doesn't lock you out during rule changes (was Re: remote upgrade stops ssh connections)
Cc: Dan Langille <dan@langille.org>, <FreeBSD-stable@FreeBSD.ORG>
Message-ID: <3D4E299C.6846.11C676EE@localhost>
References: <5.1.1.6.0.20020804190542.04edb8b0@marble.sentex.ca>
In-reply-to: <20020805102128.I6574-100000@woozle.rinet.ru>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On 5 Aug 2002 at 10:22, Dmitry Morozovsky wrote:

> On Sun, 4 Aug 2002, Mike Tancsa wrote:
> 
> echo reboot | at +1hour
> 
> would be an protective weapon (like reload in 10 minutes for remote
> Cisco, you know ;-)

That reminds me of this tip/trick I use when changing ipf rules:

ipf -s -Fa -f /etc/ipf.rules && sleep 10 && ipf -s

This swaps the active and inactive ruleset, flushes the active 
ruleset, and then loads the rules from the specified file.   Then you 
have 10 seconds to ensure that your ssh connection still works.  I 
usually type a few characters, make sure they echo, then press 
control C.  If you can't type anything, the rule sets will be swapped 
again by the third command and you'll be left with the rule set you 
originally started with.
-- 
Dan Langille
I'm looking for a computer job:
http://www.freebsddiary.org/dan_langille.php


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message