Date: Wed, 20 Apr 2005 23:20:48 +1000 From: Aristedes Maniatis <ari@ish.com.au> To: Scott Robbins <scottro@nyc.rr.com> Cc: freebsd-stable@freebsd.org Subject: Remote firewall changes, Was: Newbie Question About System Update Message-ID: <52607941c4729226852cde5d42f7085e@ish.com.au> In-Reply-To: <20050419200510.GA38661@uws1.starlofashions.com> References: <426447F8.5090209@charter.net> <200504191317.j3JDH76H001458@drjekyll.mkbuelow.net> <20050419120053.6ad17df1.wmoran@potentialtech.com> <42655B8E.5020603@mac.com> <42655DD9.7020300@t-hosting.hu> <20050419200510.GA38661@uws1.starlofashions.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20/04/2005, at 6:05 AM, Scott Robbins wrote: > (And of course the obvious--DO NOT shut down the sshd daemon.) :) > > Ok, everyone who has NEVER ever made that mistake (or locked themself > out with a firewall rule, accidentally putting it into effect before > testing) raise their hand. :) Yes, that would be me. But someone taught me a great trick...the "at" command. So, just before you blow away your access with changes to ipfw, do this: echo "ipfw add 1 pass all from any to any" at now +10 minutes Then if all goes OK, use atq to remove the queue item. If not, wait 10 minutes... Ari Maniatis --------------------------> ish group http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 PGP fingerprint 08 57 20 4B 80 69 59 E2 A9 BF 2D 48 C2 20 0C C8
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52607941c4729226852cde5d42f7085e>