Date: Mon, 5 Aug 2002 07:30:36 -0400 From: "Dan Langille" <dan@langille.org> To: Dmitry Morozovsky <marck@rinet.ru> Cc: Dan Langille <dan@langille.org>, <FreeBSD-stable@FreeBSD.ORG> Subject: making sure ipf doesn't lock you out during rule changes (was Re: remote upgrade stops ssh connections) Message-ID: <3D4E299C.6846.11C676EE@localhost> In-Reply-To: <20020805102128.I6574-100000@woozle.rinet.ru> References: <5.1.1.6.0.20020804190542.04edb8b0@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5 Aug 2002 at 10:22, Dmitry Morozovsky wrote: > On Sun, 4 Aug 2002, Mike Tancsa wrote: > > echo reboot | at +1hour > > would be an protective weapon (like reload in 10 minutes for remote > Cisco, you know ;-) That reminds me of this tip/trick I use when changing ipf rules: ipf -s -Fa -f /etc/ipf.rules && sleep 10 && ipf -s This swaps the active and inactive ruleset, flushes the active ruleset, and then loads the rules from the specified file. Then you have 10 seconds to ensure that your ssh connection still works. I usually type a few characters, make sure they echo, then press control C. If you can't type anything, the rule sets will be swapped again by the third command and you'll be left with the rule set you originally started with. -- Dan Langille I'm looking for a computer job: http://www.freebsddiary.org/dan_langille.php To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D4E299C.6846.11C676EE>