On Sun, 21 Apr 2013 10:10:30 +0100 Mark Rogers <mark@quarella.co.uk> allegedly wrote:
> (I worry when playing with iptables via an SSH connection that I might screw something up and block access to myself, so I run the commands directly and confirm they do what I want, and if not I always have the ability to reboot the server remotely to remove the iptables rules if needed. If they do what I want they go into /etc/rc.local. Is that all sensible?)
One way to avoid locking yourself out when playing with iptables on a remote machine would be to add an entry to root's cron to flush the tables every N minutes or at time X (choose N or X to suit your circumstances). This will ensure that if the worst happens, then the tables will be deleted and you can get back in. But of course that will leave the box exposed for the period in which the tables are empty. Caveat emptor.
Of course, you may wish to save the current tables to a file before flushing so that you know where you were in your experiments.
Mick
(Oh, and of course don't forget to delete the cron entry when you have the rules set up the way you want them........)
---------------------------------------------------------------------
blog: baldric.net gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
---------------------------------------------------------------------
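As an added example (not part of Mick's post or anything else in this thread), here is a small POSIX shell script that does what he describes: it saves the live ruleset with iptables-save, then flushes every table and resets the default policies to ACCEPT, and it prints the crontab line that runs it every N minutes. The backup directory /var/backups/iptables, the install path /usr/local/sbin/iptables-failsafe.sh and the run/preview/cron subcommands are assumptions of this example, not anything the list discussed.

```shell
#!/bin/sh
# iptables-failsafe.sh: added example, not from the list thread.
# Saves the live ruleset, then flushes it, so a mistaken rule can lock you
# out for no longer than the cron interval. Run it from root's crontab
# while experimenting and remove the crontab line once the rules are right.

# cron runs with a minimal PATH that often lacks /sbin, where iptables lives.
PATH=/usr/sbin:/sbin:/usr/bin:/bin:$PATH
export PATH

SAVE_DIR="${SAVE_DIR:-/var/backups/iptables}"   # assumed backup location
DRY_RUN="${DRY_RUN:-0}"                          # 1 = print commands, do not run them

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Backup file name for a given timestamp (seconds since the epoch).
save_path() {
    printf '%s/rules-%s.v4\n' "$SAVE_DIR" "$1"
}

# crontab line that runs the given script every N minutes.
cron_line() {
    printf '*/%s * * * * %s run\n' "$1" "$2"
}

# Flushing alone is not enough: a DROP default policy on INPUT still locks
# you out with empty chains, so the policies are reset to ACCEPT as well.
flush_all() {
    for table in filter nat mangle raw; do
        run iptables -t "$table" -F   # delete all rules in the table
        run iptables -t "$table" -X   # delete user-defined chains
        run iptables -t "$table" -Z   # zero the packet and byte counters
    done
    for chain in INPUT FORWARD OUTPUT; do
        run iptables -P "$chain" ACCEPT
    done
}

# Save first, so you know where your experiments had got to, then flush.
failsafe() {
    file=$(save_path "$(date -u +%s)")
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables-save > $file"
    else
        mkdir -p "$SAVE_DIR"
        iptables-save > "$file"
    fi
    flush_all
}

case "${1:-}" in
    run)     failsafe ;;                 # what the cron job invokes
    preview) DRY_RUN=1; failsafe ;;      # show the commands without touching anything
    cron)    cron_line "${2:-5}" "${SCRIPT_PATH:-/usr/local/sbin/iptables-failsafe.sh}" ;;
    *)       echo "usage: $0 run|preview|cron [minutes]" >&2 ;;
esac
```

Install it as root, run `iptables-failsafe.sh cron 5` and paste the printed line into `crontab -e`; `iptables-failsafe.sh preview` shows what a run would do without changing the tables. Mick's caveat still applies: between the flush and the next rule load the box is unfiltered, and ip6tables keeps its own tables, which this script does not touch.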