Hi,
Just to add further confusion into the equation, I am managing ShoreWall
via CFEngine. If you get that wrong you can never undo the changes
because the client can no longer contact the server, so you have to
correct it manually.
Perhaps one solution would be to look at a panic script that would run
in certain events. It would enable a user to write a cfengine script
that (for example, in my case) would disable the firewall, run
update.conf to download the latest cfengine files from the server, and
restart the firewall again.
The other thing I have managed to do is to edit cfservd.conf in the
repository, with a configuration that denied all connections, and then
had to edit the live copy to get it all to work again (which was then
promptly overwritten by the bad version again. duh!).
Regards,
Marco.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine
