Mike:
> > > I would suggest some sort of watchdog feature. If the ssh link
> > > breaks then revert to the previous configuration.
> >
> >I don't know about LRP 2.9.4 and its descendents, but LRP 2.9.7 and
> >all descendents (including Oxygen) come with a watchdog daemon;
> >Oxygen comes with it disabled, since I have had repeated reboots when
> >the watchdog decided things were too slow and it wouldn't give up.
> >I'll have to be convinced its useful and reliable, I guess. Nothing
> >like working away to have the system just suddenly reboot on you.
>
> I didn't phrase it quit right. This watchdog should watch the ssh
> connection when you are making firewall rule changes. If the ssh
> connection goes down and does not get restored within a minute or two,
> then it should revert to the previous firewall rule configuration. This
> should keep you from inadvertently locking yourself out of your router.
Yes, good point. The system I'm stitching together collects
all the rule changes first, and doesn't activate them until the very
end. That is, after turning the user's points-and-clicks into ipchains
commands it'll either write a run-as-root script when it's all done,
or write that script and kick it off automagically.
Importantly, it'll verify the integrity of that script (a
quick hash check) after the transfer to be sure what's there is what
was intended.
I'm wondering how lean a standalone md5 message digester
could be..."digest" looks like it's less than 30k including libmd.
-Scott
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
