Hi Eddy,

> Problem: That leaves you open for five minutes after a reboot.

How often do you reboot? If it's more than once per month then it's too often.

> What I suggest is writing a quick shell script that flushes the
> firewall rules, loads the new rules, then sleeps for a minute or
> two. If not killed, it then flushes the ipchains and reloads
> your old ruleset.

I might be wrong here, but scripts are bound to the user session, right? That's most likely an incorrect term and what I want to say is this: you start a script from SSH (or Telnet) and when you close the connection the script will be terminated, too. Unless you daemonized it, which requires more than pushing it into the background with an "&". So if improper firewall rules interfere with your shell session, then you're still as much screwed with your proposed script as you are without.

> Portmaster 2's are cheap nowadays. Buy one and give yourself
> serial console access to all your boxen.

Unfortunately too many ISPs charge you extra for setting them up in their datacenter. But personally I think that these devices (not necessarily from that manufacturer) are an investment well worth it.

-- 
With best regards,
Michael Stauber [EMAIL PROTECTED]
Unix/Linux Support Engineer

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
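The "reload, then revert unless told otherwise" script that Eddy describes, written the way Michael's objection asks for: the revert timer is detached from the login session so it keeps running after the SSH connection is cut. This is an added example for this page, not a script posted in the thread or shipped by Cobalt. It assumes ipchains-save and ipchains-restore as the snapshot and restore tools (the three fw_* hooks are plain functions, so they can be swapped for iptables-save/iptables-restore); the state directory /var/run/fw-try, the subcommand names and the file names are my own choices.

```shell
#!/bin/sh
# fw-try.sh: load a candidate firewall ruleset behind a dead man's switch.
# Added example, not from the thread. Assumed tools: ipchains-save /
# ipchains-restore; FW_STATE and the fw_* names are this example's own.
#
#   sh fw-try.sh try /path/to/new-rules.sh [SECONDS]   # SECONDS defaults to 120
#   ... open a *fresh* login; if that works:
#   sh fw-try.sh commit
#
# If the candidate rules lock you out and nobody commits, the watchdog puts
# the snapshot back after SECONDS. It survives the dropped SSH session
# because it ignores SIGHUP and owns no tty, which a bare "&" does not do.

: "${FW_STATE:=/var/run/fw-try}"

fw_save()    { ipchains-save; }       # live rules to stdout
fw_restore() { ipchains-restore; }    # rules from stdin
fw_flush()   { ipchains -F; }

fw_rollback() {
    fw_flush
    fw_restore < "$FW_STATE/old.rules"
    echo "rolled back at $(date)" >> "$FW_STATE/log"
}

# Watchdog body: wait, then roll back unless 'commit' left its marker.
fw_watchdog() {
    sleep "$1"
    [ -e "$FW_STATE/committed" ] && exit 0
    fw_rollback
}

fw_try() {  # $1 = script that loads the candidate rules, $2 = seconds
    rules=$1; secs=${2:-120}
    [ -r "$rules" ] || { echo "no such rules script: $rules" >&2; return 1; }
    mkdir -p "$FW_STATE"
    rm -f "$FW_STATE/committed"
    fw_save > "$FW_STATE/old.rules" || return 1
    # Arm the watchdog before touching the rules, so a candidate that kills
    # the session half way through loading is still undone.
    (
        trap '' HUP INT                              # outlive the login shell's SIGHUP
        exec </dev/null >"$FW_STATE/watchdog.log" 2>&1   # let go of the tty
        fw_watchdog "$secs"
    ) &
    echo $! > "$FW_STATE/watchdog.pid"
    fw_flush
    sh "$rules"
}

fw_commit() {
    touch "$FW_STATE/committed"        # belt: the watchdog checks this marker
    kill "$(cat "$FW_STATE/watchdog.pid" 2>/dev/null)" 2>/dev/null || true   # braces
    rm -f "$FW_STATE/watchdog.pid"
    echo "committed at $(date)" >> "$FW_STATE/log"
}

case "${1:-}" in
    try)    fw_try "$2" "$3" ;;
    commit) fw_commit ;;
esac
```

The subshell ignores SIGHUP and redirects its descriptors away from the terminal, which is the minimum needed to outlive the session; a real daemon would also call setsid to leave the session entirely, but the HUP and tty parts are what actually kill a backgrounded script when the connection drops. Note that this only covers the "testing a new ruleset" case; it does nothing for the window after a reboot that Eddy started with, which is a job for the rc scripts and the serial console.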
