Hacker News

adrian_b today at 7:25 AM (2 replies)

Long ago, I once managed to cut off my own SSH access to a remote server after some firewall changes. That of course required a long trip to the server for physical access.

However, that was good, because after that I have always been extra careful with any changes that could affect the firewall in any way. (That is not restricted to changes in firewall rules, because there are systems where the versions of the firewall program and of the kernel must be correlated, so an inconsistent update may make the firewall revert to its default state of denying all connections.)


Replies

kqr today at 7:31 AM

I can warmly recommend the nohup-sleep-disable-cancel pattern for this, as a dead man's switch for dangerous changes.

https://entropicthoughts.com/locking-yourself-out-with-firew...

learn_more today at 7:43 PM

I previously managed a firewall via scripts which would automatically revert your update in 20 seconds unless interrupted. So if you botched it and lost access, you just had to sit tight for 20 seconds.
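
The dead man's switch described in the two replies above, as an added example that is not part of the thread or the linked article: a revert is scheduled first, the change is applied second, and the revert is cancelled only if access is confirmed. The function names, the command-string interface and the file names in the usage comment are assumptions made for this sketch.

```shell
#!/bin/sh
# Dead man's switch for risky remote changes (added illustration).
# Order matters: arm the revert first, apply second, disarm only on confirmation.

# arm_revert DELAY CMD [ARGS...]: run CMD after DELAY seconds unless disarmed.
arm_revert() {
    delay=$1; shift
    # nohup plus redirected output keeps the timer alive if the SSH session drops.
    nohup sh -c 'sleep "$1"; shift; exec "$@"' revert-timer "$delay" "$@" \
        >/dev/null 2>&1 &
    REVERT_PID=$!
}

# disarm_revert: cancel the pending revert. Killing the timer shell is enough;
# its orphaned sleep exits on its own and nothing is left to run the revert.
disarm_revert() {
    kill "$REVERT_PID" 2>/dev/null
    wait "$REVERT_PID" 2>/dev/null || true
}

# guarded_change DELAY APPLY REVERT CONFIRM (each a shell command string).
# Returns 0 if the change was confirmed and kept, 1 if it was rolled back.
guarded_change() {
    delay=$1 apply=$2 revert=$3 confirm=$4
    arm_revert "$delay" sh -c "$revert"
    if sh -c "$apply" && sh -c "$confirm"; then
        disarm_revert
        return 0
    fi
    # Apply failed or was not confirmed: let the timer fire, then report it.
    wait "$REVERT_PID" || true
    return 1
}

# Hypothetical usage (file names and the confirm script are placeholders):
#   iptables-save > /root/rules.known-good
#   guarded_change 20 'iptables-restore < /root/rules.new' \
#       'iptables-restore < /root/rules.known-good' \
#       './confirm-from-new-session'
```

The confirm command should prove access through a freshly opened session, since an already established connection can survive a rule change that blocks new ones.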