Apparently, though unproven, at 23:40 on Monday 24 January 2011, J. Roeleveld did opine thusly:
> On Monday 24 January 2011 19:47:43 Jarry wrote:
> > Hi,
> >
> > I have to change rather complex iptables rules on server
> > and I do not want to lock me out as this server is about
> > 50 miles away. So how should I do it?
> >
> > I can back up the old rules by running:
> > /etc/init.d/iptables save
> > and it will be saved to /var/lib/iptables/rules-save
> > (some strange format starting with number like [536:119208])
> >
> > I prepared a script with new (modified) iptables-rules,
> > which I will run in bash. But in case I screw something,
> > how could I force netfilter to load old saved rules,
> > if I for whatever reason do not connect to server (ssh)?
> >
> > Or can I load new iptables-rules for certain time, and
> > then force netfilter to load back the old rules again?
> >
> > Jarry
>
> You could add the necessary rule(s) to ensure existing connections stay
> active.
> That way you can enable the new rules and test by opening a new
> SSH-connection to the server.
> If that works, you're ok.
> If not, you can use the existing SSH-connection to go back to the old
> rules.

It's no help to the OP now, but around here we have a rule:

Remote servers without a DRAC do not get installed. Period.

-- 
alan dot mckinnon at gmail dot com
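
An added example, not part of the original thread: one way to get the timed rollback Jarry asks about, built on `iptables-save` and `iptables-restore`. The function name, the file paths in the comments and the confirmation-file mechanism are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: load new rules, restore the old ones unless confirmed in time.
# The new rules file is expected to be in iptables-save format and, following
# the advice in the thread, should keep existing connections alive, e.g.:
#   -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
IPT_SAVE=${IPT_SAVE:-iptables-save}          # overridable so it can be tested
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# apply_with_rollback NEW_RULES BACKUP TIMEOUT_SECONDS CONFIRM_FILE
# Returns 0 if the new rules were kept, 1 if rolled back, 2 if no backup
# could be taken (in which case nothing is changed).
apply_with_rollback() {
    new_rules=$1
    backup=$2
    timeout=$3
    confirm_file=$4          # hypothetical path, e.g. /run/fw-confirmed

    rm -f "$confirm_file"    # a stale file must not count as confirmation

    # 1. Snapshot the running ruleset; refuse to continue without one.
    "$IPT_SAVE" > "$backup" || return 2
    [ -s "$backup" ] || return 2

    # 2. Load the candidate ruleset; on failure put the snapshot back.
    if ! "$IPT_RESTORE" < "$new_rules"; then
        "$IPT_RESTORE" < "$backup"
        return 1
    fi

    # 3. Wait for the admin to create CONFIRM_FILE over a *new* connection.
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm_file" ]; then
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # 4. No confirmation arrived: assume lock-out and restore the snapshot.
    "$IPT_RESTORE" < "$backup"
    return 1
}
```

Start it detached from the SSH session (for example under `nohup`) so the rollback still fires if the connection drops, and create the confirmation file from a freshly opened SSH connection rather than the existing one.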

