Re: Firewall testing

From: <captgoodnight@acsalaska.net>
Date: Thu Aug 12 2004 - 20:14:24 AKDT

On Thursday 12 August 2004 07:55 pm, Barsalou wrote:
> I am testing some firewall rules on a remote machine. Occasionally, I
> may lock myself out.
>
> Does anyone have a good suggestion for making a cron job or something
> that would reset the firewall every 5 minutes or so? I tried a couple
> of things, but they didn't work.
>
> Mike

script:

/sbin/iptables -F
rule
rule
rule
....

cron the script.

I play with lots of nasties, so keeping my network canned is a must
sometimes (DoS attacks, tcpreplay (especially true here), and misc other
toys... I'm bragging... :). What I have done for these times is this: I
wrote the rules in a file, and use an icon on the desktop to
activate/deactivate them. Deactivating uses an iptables -D INPUT 1 or
OUTPUT 1; this keeps the default rules on the machine intact, working from
the top. This idea could help in a cron job by snagging just the rules that
need resetting. It's also a good idea for security when you're not at the
machine, to can it in. Kinda like ZoneAlarm on Windows, but lower layers.
Great educational project in iptables, creating pinholes.

Also,

iptables-save /path/path/path/file (Mandrake: /etc/sysconfig/iptables)
saves the current rules. Then (Mandrake again) # service iptables restart.
SUSE probably uses something similar. Look in /etc/init.d/ and work it from
that angle. Also, remember to use the complete path to iptables
(/sbin/iptables) or whatever.

Hope that makes sense. What have you tried?

eddie
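
A dead-man-switch variant of the cron idea in this thread, added here as an example and not code from either poster: it goes one step further than flushing by restoring a saved snapshot of the working ruleset unless the tester confirms access. The script name, STATE_DIR and the arm/confirm/check verbs are assumptions for illustration.

```shell
#!/bin/sh
# fw-safety.sh (hypothetical name): roll back to known-good iptables rules
# unless the tester confirms they can still reach the machine.
IPT_SAVE=${IPT_SAVE:-/sbin/iptables-save}          # full paths: cron has a minimal PATH
IPT_RESTORE=${IPT_RESTORE:-/sbin/iptables-restore}
STATE_DIR=${STATE_DIR:-/var/lib/fw-safety}         # assumed location, root-only
umask 077                                          # snapshot is restored as root; keep it private

# arm MINUTES: snapshot the working ruleset and set a rollback deadline.
arm() {
    mkdir -p "$STATE_DIR" || return 1
    "$IPT_SAVE" > "$STATE_DIR/good.rules" || return 1
    echo $(( $(date +%s) + ${1:-5} * 60 )) > "$STATE_DIR/deadline"
}

# confirm: a fresh login worked, so keep the new rules and cancel the rollback.
confirm() {
    rm -f "$STATE_DIR/deadline"
}

# check [NOW]: called from cron; restores the snapshot once the deadline passes.
# Returns 0 if a rollback happened, 1 if nothing was due, 2 if the restore failed.
check() {
    [ -f "$STATE_DIR/deadline" ] || return 1
    now=${1:-$(date +%s)}
    [ "$now" -ge "$(cat "$STATE_DIR/deadline")" ] || return 1
    "$IPT_RESTORE" < "$STATE_DIR/good.rules" || return 2
    rm -f "$STATE_DIR/deadline"
}

case "${1:-}" in
    arm)     arm "${2:-5}" ;;
    confirm) confirm ;;
    check)   check || [ $? -eq 1 ] ;;   # "nothing due" is not an error for cron
esac
```

Run `check` from root's crontab every minute (`* * * * * /usr/local/sbin/fw-safety.sh check`, path assumed), run `arm 5` before loading test rules, and run `confirm` only after a new login over the network succeeds.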

Received on Thu Aug 12 20:13:40 2004
