Manuel Wolfshant wrote:
> Ned Slider wrote:
>>
>> I guess the best solution would be to develop and test your script
>> locally before uploading and deploying on a remote server.
>> Alternatively, if you must test remotely, setting up a cronjob to
>> deactivate the firewall after 5 mins is a popular approach to prevent
>> locking yourself out of your machine (if anyone on the list has any
>> thoughts about this, it would be appreciated??)
>
> Oh, yes, please add a note about "at now + 5 minutes pretty please
> disable firewall". It's simple, effective, useful. Safety nets are needed.
>

Something like this maybe:

    echo 'service iptables stop' | at now + 5 minutes

One issue with this approach being that the at package isn't always
installed by default so may not be present on all systems.

>
> Ned: I suggest to insert a line after the "-P DROP" to warn people that
> this command will cut access from remote sites unless a previous ACCEPT
> rule already exists. So either upload and test a full script, or work
> locally.... or take care :)
>

I'm tempted to just suggest adding an explicit rule at the beginning to
allow ssh access. Something like this:

    iptables -A INPUT -p tcp --dport 22 -j ACCEPT

should be foolproof for most situations.

Ned
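
The ordering concern raised in this thread (an ssh ACCEPT rule has to be loaded before "-P DROP" takes effect) can be checked on a firewall script before it is uploaded. The following is an added example, not part of the original message; the names check_ssh_before_drop and sample_rules and the sample script are constructed for illustration, and the check assumes one iptables command per line with short options.

```shell
#!/bin/sh
# Added example: lint an iptables script for the lock-out ordering above.
# check_ssh_before_drop FILE [PORT] returns 0 if a tcp ACCEPT rule for the
# ssh port is loaded before "-P INPUT DROP" (or no DROP policy is set),
# and 1 otherwise. It does not evaluate match options such as -s or -i.
check_ssh_before_drop() {
    awk -v port="${2:-22}" '
    { sub(/#.*/, "") }                          # strip comments
    $1 !~ /(^|\/)iptables$/ { next }            # only iptables commands
    {
        flush = policy = input = tcp = dport = accept = 0
        for (i = 2; i <= NF; i++) {
            # Rules in other tables (nat, mangle) do not affect INPUT filtering.
            if ($i == "-t" && $(i + 1) != "filter") next
            # -F with no chain, or -F INPUT, discards earlier ACCEPT rules.
            if ($i == "-F" && $(i + 1) ~ /^(-.*|INPUT)?$/) flush = 1
            if ($i == "-P" && $(i + 1) == "INPUT" && $(i + 2) == "DROP") policy = 1
            if (($i == "-A" || $i == "-I") && $(i + 1) == "INPUT") input = 1
            if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
            if ($i == "--dport" && $(i + 1) == port) dport = 1
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (flush) ssh_ok = 0
        if (input && tcp && dport && accept) ssh_ok = 1
        if (policy && !ssh_ok) {
            printf "line %d: -P INPUT DROP with no ssh ACCEPT rule loaded\n", FNR
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample: the policy is set before the ssh rule is added.
sample_rules() {
    cat <<'EOF'
iptables -F
iptables -P INPUT DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
EOF
}

# Demo on the constructed sample when no script path is given.
if [ $# -eq 0 ]; then
    sample_rules | check_ssh_before_drop - || true
else
    check_ssh_before_drop "$@"
fi
```

A script that passes this check can still lock out a session in other ways (a wrong port, a later REJECT rule inserted ahead of the ACCEPT), so it complements the timed "service iptables stop" safety net rather than replacing it.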