21 Aug
2011
21 Aug
'11
5:55 a.m.
--On Sunday, August 21, 2011 2:51 AM +0100 Always Learning centos@u61.u22.net wrote:
I am acutely conscious of being locked-out. I can get in remotely via the console. However the very first entries in every server's iptables have always been to allow 3 static IPs access. 3test comes later on in the sequence, ensuring what happens there should never lock me out.
To reduce the attack surface, create a script that can only update that subtable with a supplied IP address and then invoke it by sudo.