
Re: hardening checkpoints



* alex black <enigma@turingstudio.com> [2005-12-15 23:50:42]:
> I use this line:
> 
> */3 *	* * *	root	iptables -A INPUT -i eth0 -p tcp -s  
> MY_WORKSTATION_IP --dport 22 -j ACCEPT && echo "issued iptables cmd"  
> | mail -a "From: root@${HOSTNAME}" -s "[iptables-keepalive]"  
> my@email_address.com
> 
> That does 2 things:
> 
> 1. guarantees my access to the machine no matter how stupid I am  
> configuring shorewall :)
> 

Actually, iptables -A INPUT will _append_ a rule to your INPUT chain
(iptables(8)), and this won't help you if your connection is matched by
an earlier blocking rule. To really make sure that you can reach the
machine after a failed firewall-reconfiguration, replace -A with -I,
which makes the rule inserted at the head of the chain, and hence, the
first rule to be matched.

/Andreas

-- 
andreas blaafladt <andreas@blaafladt.no>
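
The `-I` fix from the reply above, as an added example that is not part of the thread: a cron job that runs every three minutes adds another copy of the rule on each run, so this sketch inserts at position 1 and then deletes older identical copies. `eth0` and port 22 come from the quoted crontab line; `192.0.2.10`, the `IPT` override and the script path are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. IPT can be overridden
# (assumption) so the function can be exercised against a stub.
IPT="${IPT:-iptables}"

# ensure_ssh_first SRC_IP [IFACE] [PORT]
# Inserts the ACCEPT rule at position 1 of INPUT, then removes older identical
# copies so repeated cron runs do not grow the chain. The new rule goes in
# before anything is deleted, so there is never a moment without it.
# Prints the number of stale copies removed; returns non-zero on failure.
ensure_ssh_first() {
    src="$1"; iface="${2:-eth0}"; port="${3:-22}"
    [ -n "$src" ] || { echo "usage: ensure_ssh_first SRC_IP [IFACE] [PORT]" >&2; return 2; }

    # -I with rule number 1 puts the rule ahead of every existing rule,
    # including a blocking rule that an appended (-A) rule would sit behind.
    "$IPT" -I INPUT 1 -i "$iface" -p tcp -s "$src" --dport "$port" -j ACCEPT || return 1

    # -S prints "-P INPUT <policy>" on line 1, then the rules in order, so
    # line 2 is our rule exactly as iptables normalises it.
    rules=$("$IPT" -S INPUT) || return 1
    ours=$(printf '%s\n' "$rules" | sed -n '2p')

    # Rule numbers (line number minus 1) of later identical rules, highest
    # first so that deleting one does not renumber the ones still to delete.
    stale=$(printf '%s\n' "$rules" |
        awk -v r="$ours" 'NR > 2 && $0 == r { print NR - 1 }' | sort -rn)

    removed=0
    for n in $stale; do
        "$IPT" -D INPUT "$n" || return 1
        removed=$((removed + 1))
    done
    echo "$removed"
}

# Usage from /etc/crontab (hypothetical path; 192.0.2.10 stands in for
# MY_WORKSTATION_IP):
#   */3 * * * * root . /usr/local/sbin/ssh-keepalive.sh && ensure_ssh_first 192.0.2.10
```

Rule numbers are read and deleted in separate calls, so run this from one cron job only and not alongside other tools that edit INPUT at the same moment.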


