Date: Mon, 05 Sep 2005 08:11:51 -0500
From: Kevin Kinsey <kdk@daleco.biz>
To: "James Bowman Sineath, III" <sineathj1@citadel.edu>
Cc: Grant Peel <gpeel@thenetnow.com>, freebsd-questions@freebsd.org
Subject: Re: IPFW lockout.
Message-ID: <431C4417.6090406@daleco.biz>
In-Reply-To: <000701c5b1b5$c2809210$e697e19b@IBMTWAQPEF2DWZ>
References: <001b01c5b1b0$1974c290$6601a8c0@GRANT> <000701c5b1b5$c2809210$e697e19b@IBMTWAQPEF2DWZ>

James Bowman Sineath, III wrote:

>> Hi all,
>>
>> I have a small problem on one of my dev boxes. I have a bad bootup
>> ipfw ruleset and I find myself locked out of the machine.
>>
>> There will be a technician at the NOC on Tuesday that will be able
>> to assist me.
>>
>> My question is: Will he/she be able to simply reboot, logon as root
>> as normal?
>>
>> - and then -
>>
>> disable IPFW in rc.conf ... or will the loopback rule not being
>> present cause more mayhem than I think it will?
>>
>> -Grant
>
>
> He should be able to login without any problems.
>
> On another note, in the future whenever you make changes to your
> system that could potentially lock you out, use crontab to disable
> them after a short amount of time. For example, when I was
> reconfiguring sshd, I crontab'ed
> 'killall sshd && sshd -f /root/sshd_config_old'
> and moved the default config file to my /root directory. Also when
> playing with my ipfw rules, I crontab'ed 'ipfw disable firewall' for
> every 15 minutes until I got it working the way I wanted to.
>
> Be VERY careful with this though. Don't use it and then forget to remove
> the lines from your /etc/crontab. Remove them as soon as you get it
> configured the way you want to. This is obviously a serious security
> risk, so don't use it very often. If you are worried about disabling your
> firewall, then create a small ipfw script to deny all connections except
> from your IP address and crontab that instead of 'ipfw disable firewall'.
> Also keep in mind, to enable your firewall again you will need to type
> 'ipfw enable firewall'.

See also /usr/share/examples/ipfw/change_rules.sh....

Kevin Kinsey.
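
An added example, not part of the original messages and not the code of change_rules.sh: a timed rollback that restores a known-good ruleset instead of leaving a recurring 'ipfw disable firewall' entry in /etc/crontab. The function name, return codes, confirm-file mechanism and all paths are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: apply a firewall change, then roll back automatically
# unless the operator confirms in time. Nothing stays behind in crontab.
#
# guarded_apply APPLY_CMD ROLLBACK_CMD CONFIRM_FILE TIMEOUT_SECONDS
#   returns 0  change confirmed and kept
#           1  APPLY_CMD failed, ROLLBACK_CMD was run
#           2  no confirmation before the timeout, ROLLBACK_CMD was run
# Confirming means creating CONFIRM_FILE from a *new* login session, which
# proves that fresh connections still pass the new rules. Keep the file in
# a root-only directory so other local users cannot confirm for you.
guarded_apply() {
    apply_cmd=$1
    rollback_cmd=$2
    confirm_file=$3
    timeout=$4

    # Keep running if the controlling SSH session is cut off by the new
    # rules; otherwise the rollback would never fire.
    trap '' HUP

    rm -f "$confirm_file"
    if ! sh -c "$apply_cmd"; then
        sh -c "$rollback_cmd"
        return 1
    fi

    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm_file" ]; then
            rm -f "$confirm_file"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    sh -c "$rollback_cmd"
    return 2
}

# Command-line use on a FreeBSD host (file names are assumptions):
#   sh guarded_apply.sh 'sh /etc/ipfw.rules.new' 'sh /etc/ipfw.rules' /root/fw-ok 300
if [ "$#" -eq 4 ]; then
    guarded_apply "$@"
    exit $?
fi
```

Start it with output redirected to a file (for example under nohup) so a dropped terminal does not stall it, then open a second SSH session and 'touch' the confirm file only if that new login succeeds.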