On Thu, February 23, 2012 12:25 pm, Alan McKinnon wrote: > Just don't do what I did earlier: sit in Joburg and configure the > firewall on a Xen host in deepest darkest Africa where there's no > tarred roads to get to it.
How did you get the server there? Flown it in? I've seen the roads in Africa and those are difficult to navigate... (The tarmac'd ones are decent though) > Check the iptables config three times, > plus get your colleagues to look it over as well. We all signed off on > it. > > Guess what? Yup, you got it. We all missed something and now we are > locked out. Remember, it's in deepest darkest Africa. That's why I like the "ADMINISABSENTMINDED" option in the Shorewall config. It doesn't kill existing connections. I always test a new remote connection prior to closing the one I used to change it with. If I do accidentally kill my existing connection, the "safe_restart" option will cause it to roll-back if I don't accept the new settings before a time-out. -- Joost
