Safely changing iptables firewall rules?

iptables

Another option would be to have a screen session open on the server, and have a job in the screen session that sleeps for a few minutes and then flushes the tables. After you have made your changes, you can just kill the job. You could also maybe just have the script change the INPUT policy to ACCEPT, or something like that.

Might be a little more convenient than cron, but the same idea. I do a similar thing with routers reload in 10. So if I lock myself out, the router will reboot and restore the config to the state before I made the change.


I use firehol as a front-end to iptables. Firehol has a really nice feature that allows you to safely test a new set of rules.

When you run the command firehol try, Firehol sets itself to ignore HUP, takes a backup of the current rule set, applies the new rule set and then gives the user a prompt asking them if they want to commit to the new set of rules. If you do not respond to within thirty seconds, then firehol restores the previous set of rules.

Related

reliable systemd service for autossh
GPU access on docker.io container
Is there an access log for fastcgi?
Automatic Reboot after Kernel Panic
How does $\cos(2\pi/257)$ look like in real radicals?
Distance between a point and a m-dimensional space in n-dimensional space ($m<n$)
square root of symmetric matrix and transposition
Is the product of any two invertible diagonalizable matrices diagonalizable?
Edge-coloring of bipartite graphs
Cauchy nets in a metric space
Proof that $1729$ is the smallest taxicab number
Why can't prime numbers satisfy the Pythagoras Theorem? That is, why can't a set of 3 prime numbers be a Pythagorean triplet?