I use this line:

*/3 * * * * root iptables -A INPUT -i eth0 -p tcp -s MY_WORKSTATION_IP --dport 22 -j ACCEPT && echo "issued iptables cmd" | mail -a "From: root@${HOSTNAME}" -s "[iptables-keepalive]" my@email_address.com

That does 2 things:

1. guarantees my access to the machine no matter how stupid I am configuring shorewall :)
2. reminds me LOUDLY and annoyingly every 3 minutes to turn it off once I'm done testing.

also if you run postfix I have a hardening script which turns it into a send-only mailer and disables local delivery. it's invisible on port 25, too, which is nice.

:)

_a

On Dec 15, 2005, at 2:14 PM, kevin bailey wrote:

> Dale Amon wrote:
>> On Thu, Dec 15, 2005 at 12:27:01PM +0000, kevin bailey wrote:
>>> 2. firewall
>>>
>>> not i'm not sure about the need for a firewall - i may need to access the
>>> server over ssh from anywhere. also, to run FTP doesn't the server need
>>> to be able to open up a varying number of ports.
>>
>> There is a way around this. If you are really worried about a mistake,
>> use 'at' to turn the firewall off after 5 minutes. That way you can set up
>> your test and if you screwed up you only have to wait a few min before it
>> goes away. If it worked, you just kill the queued at command line.
>
> top tip!!!

-- alex black, founder the turing studio, inc. 510.666.0074 root@turingstudio.com http://www.turingstudio.com 2600 10th street, suite 635 berkeley, ca 94710
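
Dale Amon's `at` tip as a script, added here as an example and not code posted by anyone in the thread: it queues the rollback before loading the new rules, and restores the previous ruleset rather than switching the firewall off. The function names, the `STATE_DIR` path and the rules-file argument are assumptions, as are root privileges, `iptables-save`/`iptables-restore`, `at`/`atrm` and a running `atd`.

```shell
#!/bin/sh
# Added example: load a new ruleset with an at(1) rollback queued first.
# Assumes root, iptables-save/iptables-restore, at/atrm and a running atd.
ROLLBACK_MINUTES=${ROLLBACK_MINUTES:-5}
STATE_DIR=${STATE_DIR:-/var/lib/fw-rollback}   # hypothetical location

# Queue "restore the snapshot" and print the at job number.
schedule_rollback() {
    # at reports "job N at <date>" on stderr, after a /bin/sh warning line
    at_out=$(echo "iptables-restore < '$1'" |
             at "now + $ROLLBACK_MINUTES minutes" 2>&1) || return 1
    at_job=$(printf '%s\n' "$at_out" | sed -n 's/^job \([0-9][0-9]*\) at .*/\1/p')
    [ -n "$at_job" ] && printf '%s\n' "$at_job"
}

safe_apply() {
    new_rules=$1
    [ -r "$new_rules" ] || { echo "cannot read $new_rules" >&2; return 2; }
    mkdir -p "$STATE_DIR" || return 1
    backup="$STATE_DIR/rules.$(date +%Y%m%d%H%M%S)"
    iptables-save > "$backup" || return 1        # snapshot the working rules
    # Queue the rollback BEFORE touching the firewall; refuse to go on without it.
    job=$(schedule_rollback "$backup") || {
        echo "could not queue rollback, rules left untouched" >&2; return 1; }
    echo "$job" > "$STATE_DIR/pending-job"
    if ! iptables-restore < "$new_rules"; then
        # A partial load is possible (tables commit one by one): restore now.
        iptables-restore < "$backup"
        atrm "$job"; rm -f "$STATE_DIR/pending-job"
        echo "load failed, previous rules restored" >&2; return 1
    fi
    echo "applied; job $job restores old rules in $ROLLBACK_MINUTES min unless confirmed"
}

# Run from a NEW ssh session once it works: cancels the queued rollback.
confirm_rules() {
    job=$(cat "$STATE_DIR/pending-job" 2>/dev/null) || {
        echo "no pending rollback" >&2; return 1; }
    atrm "$job" && rm -f "$STATE_DIR/pending-job"
}
```

Call `safe_apply <rules-file>` with a file in `iptables-save` format, then `confirm_rules` only after a fresh login succeeds; if the new rules lock you out, the queued job puts the old ones back.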