From owner-freebsd-stable Mon Aug 5 16:45:27 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5874337B400 for ; Mon, 5 Aug 2002 16:45:24 -0700 (PDT) Received: from bast.unixathome.org (bast.unixathome.org [216.187.105.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id AB4E143E6A for ; Mon, 5 Aug 2002 16:45:23 -0700 (PDT) (envelope-from dan@langille.org) Received: from wocker (wocker.unixathome.org [192.168.0.99]) by bast.unixathome.org (Postfix) with ESMTP id 949F33F28; Mon, 5 Aug 2002 19:45:22 -0400 (EDT) From: "Dan Langille" To: Craig Boston , FreeBSD-stable@FreeBSD.ORG Date: Mon, 5 Aug 2002 19:47:29 -0400 MIME-Version: 1.0 Subject: Re: making sure ipf doesn't lock you out during rule changes (was Re: remote upgrade stops ssh connections) Message-ID: <3D4ED651.26507.146917CA@localhost> References: <3D4E299C.6846.11C676EE@localhost> In-reply-to: <1028590686.881.13.camel@aldaris2.auir.gank.org> X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 5 Aug 2002 at 18:38, Craig Boston wrote: > On Mon, 2002-08-05 at 06:30, Dan Langille wrote: > > On 5 Aug 2002 at 10:22, Dmitry Morozovsky wrote: > > > echo reboot | at +1hour > > > > > > would be an protective weapon (like reload in 10 minutes for > > > remote Cisco, you know ;-) > > > > That reminds me of this tip/trick I use when changing ipf rules: > > > > ipf -s -Fa -f /etc/ipf.rules && sleep 10 && ipf -s > > To anyone on the list who doesn't already know, make sure you do both > of these in a screen session or something similar. I use similar > tricks when changing routing/firewall settings, but sometimes (usually > if ICMP unreachables start getting generated), the ssh connection gets > closed before the timeout, and the shell dies when its controlling > terminal goes away. > > Running the command in screen solves this of course :) Good point. Thank you -- Dan Langille I'm looking for a computer job: http://www.freebsddiary.org/dan_langille.php To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message