I use this line:
*/3 * * * * root iptables -A INPUT -i eth0 -p tcp -s MY_WORKSTATION_IP --dport 22 -j ACCEPT && echo "issued iptables cmd" | mail -a "From: [EMAIL PROTECTED]" -s "[iptables-keepalive]" [EMAIL PROTECTED]
That does 2 things:
1. guarantees my access to the machine no matter how stupid I am
configuring shorewall :)
2. reminds me LOUDLY and annoyingly every 3 minutes to turn it off
once I'm done testing.
also if you run postfix I have a hardening script which turns it into
a send-only mailer and disables local delivery. it's invisible on
port 25, too, which is nice.
:)
_a
On Dec 15, 2005, at 2:14 PM, kevin bailey wrote:
> Dale Amon wrote:
>> On Thu, Dec 15, 2005 at 12:27:01PM +0000, kevin bailey wrote:
>>> 2. firewall
>>> not i'm not sure about the need for a firewall - i may need to access the
>>> server over ssh from anywhere. also, to run FTP doesn't the server need
>>> to be able to open up a varying number of ports.
>> There is a way around this. If you are really worried
>> about a mistake, use 'at' to turn the firewall off after
>> 5 minutes. That way you can set up your test and if
>> you screwed up you only have to wait a few min before
>> it goes away. If it worked, you just kill the queued
>> at command line.
> top tip!!!
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
--
alex black, founder
the turing studio, inc.
510.666.0074
[EMAIL PROTECTED]
http://www.turingstudio.com
2600 10th street, suite 635
berkeley, ca 94710
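
One way to script the 'at' safety net Dale Amon describes in the quoted text, as an added example that is not part of the thread. It restores a saved known-good ruleset after the delay rather than turning the firewall off; the snapshot path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: load new firewall rules with a rollback queued through at(1).
SNAPSHOT="${SNAPSHOT:-/root/iptables.known-good}"   # assumed snapshot path
DELAY_MIN="${DELAY_MIN:-5}"                         # the 5 minutes from the thread

# Command the queued job will run: put the saved ruleset back.
rollback_cmd() {
    printf 'iptables-restore < %s\n' "$SNAPSHOT"
}

# at(1) reports "job N at <date>" on stderr; extract N, ignore warnings.
parse_job_id() {
    sed -n 's/^job \([0-9][0-9]*\) at .*/\1/p' | head -n 1
}

# Save the rules that currently work, queue the rollback, print the job id.
arm_rollback() {
    iptables-save > "$SNAPSHOT" || return 1
    rollback_cmd | at now + "$DELAY_MIN" minutes 2>&1 | parse_job_id
}

# Usage: safe_apply <command that loads the new rules> [args...]
safe_apply() {
    job=$(arm_rollback)
    # Refuse to touch the firewall if the safety net is not in place.
    [ -n "$job" ] || { echo "could not queue rollback, not applying" >&2; return 1; }
    "$@"
    status=$?
    echo "new rules loaded (exit $status); at job $job restores the old ones in $DELAY_MIN min"
    echo "if a NEW ssh login still works, keep the change with: atrm $job"
    return "$status"
}
```

Run as root, for example `safe_apply shorewall restart`, and confirm access from a second SSH session before removing the queued job.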