> About the two SSH terminals, if I activate a wrong firewall change that
> blocks the SSH port, would it not also terminate the existing
> terminals since new packets going in would be rejected, or does it not
> affect already established TCP connections?

It depends upon what you are doing and in which order you do it.

Unfortunately, I'm not an expert in iptables - I refuse to spend time learning more than the basics on it, since I don't like it. IMO the structure and rules are byzantine and unnecessarily flexible/complex, so when fiddling about with the firewall, usually it's just simple commands to open/close ports or do connection limiting/throttling, and I don't ever touch port 22.

FWIW, when doing a complex task, instead of typing in commands in a terminal, I begin writing a script to do those commands. At the very same time I develop a 'rollback' script to undo those commands in case of error. Experimenting on a CentOS 5.2 server to which I have console access. Upon an error condition, I then modify the script, play the 'rollback' script, and reissue the script. So gradually the script and its 'antidote' are built to where I'm satisfied they work. Then and only then, do I use that script on production and remote servers which are also running CentOS 5.2.

The only problem with my method is that getting these scripts to be 100% correct even in the face of malevolent conditions such as DNS timeouts and hardware errors makes them 2-3 times as long and yukky and hard to read.
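
The script-plus-rollback routine described in the reply above, extended with a timed automatic rollback, as an added example that is not part of the original message. `safe_apply`, the `FW_SAVE`/`FW_RESTORE` overrides and the file names in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed): apply a firewall change script and restore the
# previous ruleset unless the change is confirmed in time.
# FW_SAVE / FW_RESTORE default to the iptables tools; they are overridable so
# the logic can be rehearsed on a test box without touching real rules.
FW_SAVE=${FW_SAVE:-iptables-save}
FW_RESTORE=${FW_RESTORE:-iptables-restore}

# safe_apply CHANGE_SCRIPT CONFIRM_CMD [TIMEOUT_SECONDS]
# Returns 0 = change kept, 1 = rolled back, 2 = could not take a snapshot.
safe_apply() {
    change=$1 confirm=$2 timeout=${3:-60}
    snapshot=$(mktemp) || return 2

    # The 'antidote' is captured before anything is changed.
    if ! $FW_SAVE > "$snapshot"; then
        rm -f "$snapshot"; return 2
    fi

    # A change script that exits non-zero is undone straight away.
    if ! sh "$change"; then
        $FW_RESTORE < "$snapshot"; rm -f "$snapshot"; return 1
    fi

    # Poll once per second for confirmation. CONFIRM_CMD should only succeed
    # through a freshly opened session, e.g. a marker file created there.
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if sh -c "$confirm"; then
            rm -f "$snapshot"; return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # No confirmation: assume the operator is locked out and roll back.
    $FW_RESTORE < "$snapshot"; rm -f "$snapshot"; return 1
}

# Hypothetical invocation, run as root:
#   sh safe-apply.sh ./open-port.sh 'test -e /root/fw-confirmed' 120
if [ "$#" -ge 2 ]; then safe_apply "$@"; fi
```

Start it under `nohup` or inside `screen` so the rollback still runs if the session that launched it is cut off.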