
I always hated remote firewall changes. I usually had two terminals open. In one, I'd run my "cya" script that slept for a minute, restored the old firewall rules, slept another minute, then did a reboot. In the other terminal, I'd run the new firewall rules. If I didn't screw up, I'd go back to the other terminal to stop the "cya" script. If I did screw up, the worst case was a few minutes of downtime that I'd hope nobody would notice.


You could also just save the current firewall config, and then have the script restore the saved config after a minute. No need to reboot.


The script was: sleep 1 minute, then restore rules, sleep 1 more minute, then reboot. That first rule restore was so I could conceivably get things back in order before the reboot. I had the final reboot there in case the new firewall rules somehow killed my ssh session. This never happened, and I might have been able to ssh in again at that point, but I wasn't going to count on it.


I use either `at(1)` or a 5 min cron job that restores the firewall rules.
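The procedure the thread converges on (save the live rules, arm a timer that restores them and then reboots, load the new rules, confirm from the same session) written out as a single script. This is an added example, not any commenter's script. It assumes the ruleset is managed with `iptables-save`/`iptables-restore`; the tool names, the grace period and the `cya_*` function and variable names are choices made here, and the tools are held in variables so they can be swapped (for nftables, or for fakes when exercising the logic without touching a real firewall).

```shell
#!/bin/sh
# cya.sh: a dead-man's switch for remote firewall changes (added example for
# this thread, not the commenter's script). Assumptions: rules are managed
# with iptables-save/iptables-restore, the operator confirms by pressing
# Enter in the same session, and the tool names below are hypothetical
# defaults that a caller can override through the environment.
: "${CYA_SAVE:=iptables-save}"
: "${CYA_RESTORE:=iptables-restore}"
: "${CYA_REBOOT:=reboot}"
: "${CYA_GRACE:=60}"          # seconds between each stage

cya_log() { printf '[cya] %s\n' "$*" >&2; }

# Stage 1, after GRACE seconds: put the saved rules back.
# Stage 2, after another GRACE seconds: assume the restore did not bring the
# session back and reboot, as the script described in the thread did.
cya_watchdog() {
    trap '' HUP    # survive the SIGHUP a dying ssh session delivers to its process group
    cya_snap=$1
    sleep "$CYA_GRACE"
    cya_log "grace expired, restoring saved rules from $cya_snap"
    "$CYA_RESTORE" < "$cya_snap"
    sleep "$CYA_GRACE"
    cya_log "still no confirmation, rebooting"
    "$CYA_REBOOT"
}

# Save the live rules, arm the watchdog, then load the new rules.
# Returns 0 if the operator confirmed (watchdog disarmed), 1 if stdin went
# away before confirmation (watchdog deliberately left armed).
cya_apply() {
    cya_new=$1
    cya_saved=$(mktemp "${TMPDIR:-/tmp}/cya.XXXXXX")
    "$CYA_SAVE" > "$cya_saved"              # known-good rules, saved first
    cya_watchdog "$cya_saved" &             # armed before anything changes
    cya_pid=$!
    "$CYA_RESTORE" < "$cya_new"             # the risky step
    cya_log "new rules loaded; press Enter within ${CYA_GRACE}s to keep them"
    if read -r cya_answer; then
        kill "$cya_pid" 2>/dev/null || true
        rm -f "$cya_saved"
        cya_log "confirmed, watchdog disarmed"
        return 0
    fi
    cya_log "no confirmation (session lost?), watchdog stays armed"
    return 1
}

# Usage (as root): sh cya.sh apply /path/to/new.rules
if [ "${1:-}" = "apply" ] && [ -n "${2:-}" ]; then
    cya_apply "$2"
fi
```

The `trap '' HUP` is the detail that makes the one-session variant work: a background job started from a non-interactive script shares the script's process group, so when the ssh session dies the kernel's SIGHUP would take the watchdog down with it, and the rules would never be restored. The two-terminal approach from the thread sidesteps this by construction, because the timer runs in a separate session, and the `at(1)` or cron variant sidesteps it as well, since atd and cron run outside the login session altogether. Whichever variant is used, the snapshot has to be taken before the new rules are loaded; saving it afterwards only preserves the change you are trying to be able to back out of.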



