On 6/6/2020 4:47 PM, Justin Pryzby wrote: > On Sat, Jun 06, 2020 at 10:30:58AM -0400, Alex wrote: >> Hi, >> >> I have a shorewall-5.2.0.5 system on fedora and need to make some >> changes. It's in a remote datacenter that would be difficult to access >> if I locked myself out while making these changes. >> >> I see there are files that are used when shorewall is stopped, >> started, and restored, but how can I build in a rule that ensures I'll >> never be locked out from a particular IP? >> >> If I simply add an ALLOW rule from my IP to the "fw" destination, is >> that enough? What else do I need to consider? > > I can't promise it will work for your purposes, but I think you'd want to look > at shorewall safe-start and safe-restart > > And maybe ADMINISABSENTMINDED > https://shorewall.org/manpages/shorewall.conf.html > https://shorewall.org/manpages/shorewall-stoppedrules.html >
In addition to the above, the Shorewall try (1) command might be worth a look. You could also first try your changes in a VM. 1) https://shorewall.org/manpages/shorewall.html -- Matt Darfeuille <m...@shorewall.org> Shorewall Project Committee, one of four core members https://sourceforge.net/p/shorewall/mailman/message/36596609/ https://shorewall.org _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
