From owner-freebsd-stable  Mon Aug  5 16:38: 9 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1895437B400
	for <FreeBSD-stable@FreeBSD.ORG>; Mon,  5 Aug 2002 16:38:06 -0700 (PDT)
Received: from ion.gank.org (ion.gank.org [198.78.66.164])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B78BD43E6A
	for <FreeBSD-stable@FreeBSD.ORG>; Mon,  5 Aug 2002 16:38:05 -0700 (PDT)
	(envelope-from craig@meoqu.gank.org)
Received: from aldaris2.auir.gank.org (dsl081-113-221.dfw1.dsl.speakeasy.net [64.81.113.221])
	by ion.gank.org (GankMail) with ESMTP
	id 2DAB32C508; Mon,  5 Aug 2002 18:37:58 -0500 (CDT)
Subject: Re: making sure ipf doesn't lock you out during rule changes (was
	Re: remote upgrade stops ssh connections)
From: Craig Boston <craig@meoqu.gank.org>
To: Dan Langille <dan@langille.org>
Cc: FreeBSD-stable@FreeBSD.ORG
In-Reply-To: <3D4E299C.6846.11C676EE@localhost>
References: <5.1.1.6.0.20020804190542.04edb8b0@marble.sentex.ca> 
	<3D4E299C.6846.11C676EE@localhost>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8 
Date: 05 Aug 2002 18:38:01 -0500
Message-Id: <1028590686.881.13.camel@aldaris2.auir.gank.org>
Mime-Version: 1.0
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Mon, 2002-08-05 at 06:30, Dan Langille wrote:
> On 5 Aug 2002 at 10:22, Dmitry Morozovsky wrote:
> > echo reboot | at +1hour
> > 
> > would be an protective weapon (like reload in 10 minutes for remote
> > Cisco, you know ;-)
> 
> That reminds me of this tip/trick I use when changing ipf rules:
> 
> ipf -s -Fa -f /etc/ipf.rules && sleep 10 && ipf -s

To anyone on the list who doesn't already know, make sure you do both of
these in a screen session or something similar.  I use similar tricks
when changing routing/firewall settings, but sometimes (usually if ICMP
unreachables start getting generated), the ssh connection gets closed
before the timeout, and the shell dies when its controlling terminal
goes away.

Running the command in screen solves this of course :)

Craig


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message