* alex black <[EMAIL PROTECTED]> [2005-12-15 23:50:42]:
> I use this line:
> 
> */3 * * * *   root    iptables -A INPUT -i eth0 -p tcp -s  
> MY_WORKSTATION_IP --dport 22 -j ACCEPT && echo "issued iptables cmd"  
> | mail -a "From: [EMAIL PROTECTED]" -s "[iptables-keepalive]"  
> [EMAIL PROTECTED]
> 
> That does 2 things:
> 
> 1. guarantees my access to the machine no matter how stupid I am  
> configuring shorewall :)
> 

Actually, iptables -A INPUT will _append_ a rule to your INPUT chain
(iptables(8)), and this won't help you if your connection is matched by
an earlier blocking rule. To really make sure that you can reach the
machine after a failed firewall reconfiguration, replace -A with -I,
which inserts the rule at the head of the chain, making it the first
rule to be matched.

/Andreas

-- 
andreas blaafladt <[EMAIL PROTECTED]>
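
An added example, not part of the original thread: a cron-safe form of the keepalive rule that uses -I at position 1 as suggested above, and first removes existing copies so a job that runs every 3 minutes does not pile up duplicate rules. The helper name `ensure_head_rule`, the `IPTABLES` override variable and the address 192.0.2.10 are assumptions made for illustration, and the script assumes an iptables that supports -C (--check).

```shell
#!/bin/sh
# Added example: keep exactly one ACCEPT rule for SSH at the head of INPUT.
# IPTABLES may be overridden (assumption, useful for dry runs); default is the real binary.
IPTABLES="${IPTABLES:-iptables}"

# ensure_head_rule SRC_IP [IFACE] [PORT]
# Hypothetical helper; the rule spec mirrors the cron line quoted in the mail.
ensure_head_rule() {
    src="$1"; iface="${2:-eth0}"; port="${3:-22}"
    [ -n "$src" ] || { echo "usage: ensure_head_rule SRC_IP [IFACE] [PORT]" >&2; return 2; }

    # -C exits 0 while a matching rule exists; -D deletes the first match.
    # Looping removes every copy left behind by earlier -A/-I cron runs,
    # including one that now sits below a blocking rule.
    while $IPTABLES -C INPUT -i "$iface" -p tcp -s "$src" --dport "$port" -j ACCEPT 2>/dev/null; do
        $IPTABLES -D INPUT -i "$iface" -p tcp -s "$src" --dport "$port" -j ACCEPT || return 1
    done

    # -I INPUT 1 places the rule ahead of all others, so it is matched first.
    $IPTABLES -I INPUT 1 -i "$iface" -p tcp -s "$src" --dport "$port" -j ACCEPT
}

# Run only when called with an address, e.g. from cron: keepalive.sh 192.0.2.10
if [ "$#" -ge 1 ]; then
    ensure_head_rule "$@"
fi
```

The rule is absent for a moment between the delete and the insert, which TCP retransmission normally covers.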

