
Re: firewall newbie questions



On Sun, 11 Apr 2004, Gerhard Schoening wrote:
> On Sunday, 2004-04-11 at 01:42, Daniel Pittman wrote:
> 
>> It will then wait 30 seconds for you to type 'commit'
>> manually, or it will restore the previous firewall.
> 
>> So, if you screw up and SSH no longer works, after 30
>> (very long, as I know from experience :) seconds your
>> firewall is restored, and it works again.
> 
> Sorry for bothering you with another firewall newbie question... ;)

No problem. :)

> Just to be clear about your description:
> 
> If I will enter
> 
> # firehol try
> # commit
> 
> and the latter command will _not appear_ on the screen:
> 
> All I'll have to do is wait for the prompt to return?!

Nope. What you will see is:

] firehol try
Keep the firewall? (type 'commit' to accept - 30 seconds timeout) : commit

Successfull activation of FireHOL firewall.
]

Basically, the script prompts you to confirm that the new firewall works
correctly by entering the word 'commit' into it, before it saves it.

If you *don't* do that, because (for example) your SSH session no longer
works because your new firewall is incorrect, the old firewall will be
restored.

So, if you got something wrong then 'firehol' will restore the previous
(working) setup for you automatically.

The config file will still be wrong, of course, so you still need to fix
it - or use a new config file to test with.  'firehol' supports that as
well. :)


So, 'commit' is not a command, but rather the input to the 'firehol'
script itself, telling it that the new firewall configuration is correct
and you will not have locked yourself out.

      Daniel

-- 
Onanism produces seminal weaknesses, impotence, dysury, tabes dorsalis,
pulmomary consumption, dyspepsia, dimness of sight, vertigo, epilepsy,
hypochondriasis, loss of memory, manalgia, fatuity, and death.
        -- Dr. Benjamin Rush, _Medical Inquiries_, 1812
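
The confirm-or-rollback behaviour described in this message, written as a generic shell function. This is an added example, not part of the original mail and not FireHOL's own code; `try_change`, the helper names and the file path in the comments are hypothetical.

```shell
#!/bin/sh
# try_change APPLY ROLLBACK [SECONDS]
#   APPLY / ROLLBACK: names of commands or shell functions that you define.
#   Returns 0 if the change was confirmed and kept, 1 if it was rolled back.
#
# Possible wiring for an iptables host (assumption; needs root; path is constructed):
#   iptables-save > /root/fw.before
#   apply_new()   { iptables-restore < /root/fw.new; }
#   restore_old() { iptables-restore < /root/fw.before; }
#   try_change apply_new restore_old 30
try_change() {
    apply=$1 rollback=$2 secs=${3:-30} answer=

    # Arm the rollback timer BEFORE applying, so the old state comes back even
    # if this session hangs and nobody can answer the prompt. After the sleep,
    # TERM is ignored so a late 'commit' cannot interrupt a rollback halfway.
    ( sleep "$secs" >/dev/null 2>&1; trap '' TERM; "$rollback" ) &
    timer=$!

    if "$apply"; then
        printf "Keep the change? (type 'commit' to accept - %s seconds timeout) : " \
            "$secs" >&2
        read -r answer || true      # EOF (dropped session) counts as "no answer"
    fi

    # Stop the timer and find out whether it had already fired.
    kill "$timer" 2>/dev/null || true
    wait "$timer" 2>/dev/null && st=0 || st=$?

    # 143 = 128 + SIGTERM: the timer died while still sleeping, so the rollback
    # has not run. Any other status means the timer already restored the old state.
    [ "$st" -eq 143 ] || return 1

    [ "$answer" = commit ] && return 0

    # Apply failed, or the answer was anything other than 'commit': restore now.
    "$rollback"
    return 1
}
```

A 'commit' typed after the timeout is rejected, because by then the timer has already restored the previous state.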


