
Tuesday, 30 June 2009

never do iptables --flush when your policy is set to DROP

Today I had to power-cycle my server (remote one) because I accidentally did:
iptables --flush

so I have a new resolution when I test some firewall rules: ALWAYS ADD A CRON JOB 10 MINUTES IN THE FUTURE TO RUN:
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables --flush

so if I lock myself out next time, I will only have to wait 5-10 minutes :)
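
The resolution above written as shell functions, added here as an example and not the author's own script. It swaps the cron job for a background timer that ignores SIGHUP; the function names and the IPTABLES, ROLLBACK_DELAY and ROLLBACK_LOG variables are hypothetical.

```shell
#!/bin/sh
# Added example: timed fail-open around a firewall rule test.
# IPTABLES, ROLLBACK_DELAY and ROLLBACK_LOG are hypothetical knobs for this example.
IPTABLES="${IPTABLES:-iptables}"
ROLLBACK_DELAY="${ROLLBACK_DELAY:-600}"          # seconds; 10 minutes as in the post
ROLLBACK_LOG="${ROLLBACK_LOG:-/tmp/fw-rollback.log}"

# The four commands from the post. Policies go to ACCEPT before the flush:
# flushing while a policy is still DROP is what cuts off the remote session.
fw_open() {
    for chain in INPUT FORWARD OUTPUT; do
        $IPTABLES -P "$chain" ACCEPT || return 1
    done
    $IPTABLES --flush
}

# Start the timer in the background and print its PID.
# SIGHUP is ignored so the timer survives the SSH session dying,
# which is exactly the situation it exists for.
fw_arm_rollback() {
    ( trap '' HUP; sleep "$ROLLBACK_DELAY" && fw_open ) >>"$ROLLBACK_LOG" 2>&1 &
    echo $!
}

# Cancel the pending rollback once the new rules are confirmed working.
fw_disarm_rollback() {
    kill "$1" 2>/dev/null
}

# Usage (as root, after sourcing this file):
#   pid=$(fw_arm_rollback)
#   ...load the rules under test, then open a second SSH session to check access...
#   fw_disarm_rollback "$pid"
```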
