James Bowman Sineath, III wrote:
>> Hi all,
>>
>> I have a small problem on one of my dev boxes. I
have a bod bootup
>> ipfw rulset and I find myself locked out of the
machine.
>>
>> There will be a technician at the NOC on Tuesday
that will be able
>> to assist me.
>>
>> My question is: Will he/she be able to simply
reboot, logon as root
>> as normal?
>>
>> - and then -
>>
>> disable IPFW in rc.conf ... or will the loopback
rule not being
>> present cause more mahem than I think it will?
>>
>> -Grant
>
>
> He should be able to login without any problems.
>
> On another note, in the future whenever you make
changes to your
> system that could potentially lock you out, use crontab
to disable
> them after a short amount of time. For example, when I
was
> reconfiguring sshd, I crontab'ed 'killall sshd
&& sshd -f
> /root/sshd_config_old'
> and moved the default config file to my /root
directory. Also when
> playing
> with my ipfw rules, I crontab'ed 'ipfw disable
firewall' for every 15
> minutes
> until I got it working the way I wanted too.
>
> Be VERY careful with this though. Don't use it and then
forget to remove
> the lines from your /etc/crontab. Remove them as soon
as you get it
> configured the way you want too. This is obviously a
serious security
> risk, so don't use it very often. If you are worried
about disabling your
> firewall, then create a small ipfw script to deny all
connections except
> from your IP address and crontab that instead of 'ipfw
disable firewall'.
> Also keep in mind to enable your firewall again you
will need to type
> 'ipfw enable firewall'.
See also /usr/share/examples/ipfw/change_rules.sh....
Kevin Kinsey.
_______________________________________________
freebsd-questions freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-que
stions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribefreebsd.org"
|