[CLUE-Tech] Here's an idea.
David Anselmi
anselmi at americanisp.net
Mon Apr 21 12:37:28 MDT 2003
Keith Hellman wrote:
> On Sat, Apr 19, 2003 at 06:39:06PM -0600, David Anselmi wrote:
>
>
>>Then I had an idea. Write a cron job to undo my iptables commands every
>>5 minutes. That way being locked out wouldn't be as painful.
>>
>
> Did you actually undo all your commands, or simply run an iptables
> command that makes sure ssh is available to your box?

What I did was undo all the commands (flush the default chains). That's
because I was starting from scratch. But if I'd started with a known
good config I could have just run commands to go back to known good.

That reminds me that I'm curious what happens to an existing connection
if a drop rule goes into effect and then out of effect while the
connection is idle. Seems that the connection should stay up but I
don't know.

And a related thought, what happens to existing connections when a dhcp
lease expires and the renewal changes the IP? Wish I had time to explore.

Dave
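
The "go back to known good" variant of the cron idea discussed above, as an added example that is not part of the original message. It snapshots the working rules with iptables-save before an edit and lets cron restore them unless the change is confirmed; STATE_DIR, the file names, the fw_* function names and the install path in the crontab line are assumptions.

```shell
#!/bin/sh
# Added example: roll back to a known-good iptables config unless confirmed.
# STATE_DIR, the file names and the fw_* function names are assumptions.
STATE_DIR="${STATE_DIR:-/var/lib/fw-rollback}"
SAVE_CMD="${SAVE_CMD:-iptables-save}"          # dumps rules and chain policies
RESTORE_CMD="${RESTORE_CMD:-iptables-restore}" # reloads such a dump

# Run BEFORE editing rules: snapshot the working config and arm the rollback.
fw_arm() {
    mkdir -p "$STATE_DIR" || return 1
    $SAVE_CMD > "$STATE_DIR/known-good.tmp" || return 1
    # An empty snapshot would restore nothing useful, so refuse to arm.
    if [ ! -s "$STATE_DIR/known-good.tmp" ]; then
        rm -f "$STATE_DIR/known-good.tmp"
        return 1
    fi
    mv "$STATE_DIR/known-good.tmp" "$STATE_DIR/known-good.rules" &&
        : > "$STATE_DIR/armed"
}

# Run after the new rules are verified from a fresh ssh session.
fw_confirm() {
    rm -f "$STATE_DIR/armed"
}

# Run from cron. Does nothing unless an edit is still unconfirmed, so a
# finished, confirmed ruleset is never overwritten by a stale snapshot.
fw_rollback_if_armed() {
    [ -e "$STATE_DIR/armed" ] || return 0
    [ -s "$STATE_DIR/known-good.rules" ] || return 1
    $RESTORE_CMD < "$STATE_DIR/known-good.rules" || return 1
    # Disarm so the next cron run does not restore again.
    rm -f "$STATE_DIR/armed"
}

# Crontab line (install path is hypothetical):
# */5 * * * * . /usr/local/sbin/fw-rollback.sh && fw_rollback_if_armed
```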