Hi,

> > */3 * * * * root iptables -A INPUT -i eth0 -p tcp -s MY_WORKSTATION_IP --dport 22 -j ACCEPT && echo "issued iptables cmd" | mail -a "From: [EMAIL PROTECTED]" -s "[iptables-keepalive]" [EMAIL PROTECTED]
> >
> > That does 2 things:
> >
> > 1. guarantees my access to the machine no matter how stupid I am
> > configuring shorewall :)
>
> Actually, iptables -A INPUT will _append_ a rule to your INPUT chain
> (iptables(8)), and this won't help you if your connection is matched by
> an earlier blocking rule. To really make sure that you can reach the
> machine after a failed firewall-reconfiguration, replace -A with -I,
> which makes the rule inserted at the head of the chain, and hence, the
> first rule to be matched.
This also won't help you if you lock yourself out with a rule in the mangle or nat table. I think

    iptables -t mangle -I PREROUTING 1 -i eth0 -p tcp -s $MY_WORKSTATION_IP --dport 22 -j ACCEPT

should be the better way to do it your way.

Bernd
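An added example (not code from anyone in this thread) putting the two replies together: the keepalive rule goes to the head of both filter/INPUT and mangle/PREROUTING, since an ACCEPT in one table's chain only ends that chain and the packet still traverses the later tables, and it is checked with iptables -C (iptables 1.4.11 or newer) first so a cron job does not grow the chain by one more rule every run. The workstation address and the IPTABLES variable are placeholders chosen here.

```shell
#!/bin/sh
# Idempotent "keepalive" rule for admin SSH access, to be run from cron.
MY_WORKSTATION_IP=192.0.2.10      # constructed placeholder; put your admin host here
IPTABLES="${IPTABLES:-iptables}"  # overridable so the functions can be tested without root

# The match spec shared by every table/chain: SSH from the workstation on eth0.
keepalive_match() {
    echo "-i eth0 -p tcp -s $MY_WORKSTATION_IP --dport 22 -j ACCEPT"
}

# Make the rule the *first* rule of the given table/chain.
# -C exits 0 when an identical rule already exists, so nothing is added twice;
# -I <chain> 1 inserts at the head, so no earlier blocking rule can shadow it.
ensure_first() {
    table="$1"; chain="$2"
    # shellcheck disable=SC2046  # word splitting of the match spec is intended
    if ! $IPTABLES -t "$table" -C "$chain" $(keepalive_match) 2>/dev/null; then
        $IPTABLES -t "$table" -I "$chain" 1 $(keepalive_match) || return 1
        echo "inserted keepalive rule into $table/$chain"
    fi
}

# Cover both places a lockout rule can live: filter/INPUT (the -A vs -I point)
# and mangle/PREROUTING, which every incoming packet passes before filter.
keepalive_all() {
    ensure_first filter INPUT && ensure_first mangle PREROUTING
}
```

From the cron entry, source this file and call keepalive_all; its output only appears on runs that actually had to insert something, which is what you want mailed.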

