On Thursday, 15 December 2005 14:26, Dale Amon wrote:
> On Thu, Dec 15, 2005 at 12:27:01PM +0000, kevin bailey wrote:
> > 2. firewall
> > not i'm not sure about the need for a firewall - i may need to access the
> > server over ssh from anywhere. also, to run FTP doesn't the server need
> > to be able to open up a varying number of ports.
>
> There is a way around this. If you are really worried
> about a mistake, use 'at' to turn the firewall off after
> 5 minutes. That way you can set up your test and if
> you screwed up you only have to wait a few min before
> it goes away. If it worked, you just kill the queued
> at command line.

If you use shorewall to set up iptables, you may also just create a copy of
the /etc/shorewall directory to e.g. /etc/shorewall.test, change the rules
in shorewall.test first and test them from there with

    shorewall try /etc/shorewall.test 120

After the specified timeout (in seconds) shorewall reverts back to the
default ruleset from /etc/shorewall. So if you made a mistake, your host
will be accessible again after the timeout (with the default firewall
ruleset running); if everything is fine, you can just press Ctrl-C to abort
reverting to the default ruleset.

Of course, afterwards update /etc/shorewall to incorporate your tested
changes.

Regards,
Klaus

--
Dipl.-Ing. Klaus Holler <kho@gmx.at>
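The same timed-revert idea for a hand-written iptables ruleset, combining the 'at' trick and the behaviour of "shorewall try" from the thread above. This is an added example, not part of the original message; the backup path, the variable names and the function names are assumptions, and it expects root, a running atd and iptables-save/iptables-restore.

```shell
#!/bin/sh
# Added example: timed rollback for a hand-written iptables ruleset.
# Assumes root, a running atd, and iptables-save/iptables-restore.
BACKUP=${BACKUP:-/root/iptables.known-good}   # hypothetical path
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# Save the running ruleset and queue its restore; prints the at job id.
schedule_rollback() {
    $IPT_SAVE > "$BACKUP" || return 1
    # at reports "job N at <date>" on stderr; keep only N.
    echo "$IPT_RESTORE < '$BACKUP'" \
        | at now + "$1" minutes 2>&1 \
        | sed -n 's/^job \([0-9][0-9]*\) at .*/\1/p'
}

# Load the candidate rules; if they are rejected, reload the backup.
apply_candidate() {
    $IPT_RESTORE < "$1" && return 0
    $IPT_RESTORE < "$BACKUP"
    return 1
}

# try_rules FILE [MINUTES]: the safety net is queued before anything changes.
try_rules() {
    rules=$1
    minutes=${2:-5}
    job=$(schedule_rollback "$minutes")
    if [ -z "$job" ]; then
        echo "no rollback queued, leaving firewall untouched" >&2
        return 1
    fi
    if ! apply_candidate "$rules"; then
        atrm "$job"          # nothing changed, drop the queued job
        return 1
    fi
    echo "Loaded $rules; at job $job restores the old rules in $minutes min."
    echo "Check access from a NEW ssh session, then keep them with: atrm $job"
}

if [ "$#" -gt 0 ]; then try_rules "$@"; fi
```

Unlike the "turn the firewall off" variant, the queued job here puts the previous ruleset back, so the host is never left unfiltered while you test.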