On Sat, Jun 14, 2014 at 7:17 AM, Stéphane Guedon <steph...@22decembre.eu>
wrote:

> Hello the list.
>
> First, I wish you all a great weekend.
>
> Second, I am wondering if someone knows or has written some tool to prevent
> yourself from being locked out of your online ssh server when writing pf
> rules.
>

At the top of your rules you may pass in quick proto tcp from any to (self)
port ssh, or include a file that performs the pass quick rules that allow
you to use the machine remotely.

Then do not touch that part.

Another cool feature is an anchor; the anchor is untouched when reloading
(90% sure of that).


>
> Something like : copy the new pf rules in /tmp, load them, and ask the
> user if
> it's ok. If not, reload the previous rules two minutes later.
>
> If the user doesn't answer, that means for some reason pf has blocked ssh
> connection. And at this point, the automatism of the tool has to return to
> previous state, where connection was ok.
>
> If that tool doesn't exist, I am going to write a small script for that
> purpose.
>
> Thanks for your answers.
>
>


--
() ascii ribbon campaign - against html e-mail
/\
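
The load, confirm or roll back procedure asked about in the quoted message, as an added example that is not part of the original thread. Instead of a prompt it waits for a flag file touched from a new ssh login, because pf keeps existing states across a reload, so the current session can survive rules that block new logins. The function name, PFCTL, ACTIVE, CONFIRM and TIMEOUT are assumptions, as is /etc/pf.conf matching the running ruleset.

```shell
#!/bin/sh
# Added example: apply a candidate pf ruleset, roll back unless confirmed.
# Names, paths and the 120 s window below are assumptions, not from the thread.
PFCTL=${PFCTL:-pfctl}
ACTIVE=${ACTIVE:-/etc/pf.conf}            # assumed to match the running rules
CONFIRM=${CONFIRM:-/var/run/pf.confirm}   # root-only dir: other users cannot confirm
TIMEOUT=${TIMEOUT:-120}                   # seconds to wait for confirmation

# Returns 0 kept, 1 setup error, 2 parse error, 3 load failed, 4 rolled back.
pf_safe_load() {
    new=$1
    # Parse only (-n): a ruleset with syntax errors is never loaded.
    "$PFCTL" -nf "$new" || return 2

    # Save the known-good rules before touching the running ruleset.
    backup=$(mktemp /tmp/pf.backup.XXXXXX) || return 1
    cp "$ACTIVE" "$backup" || { rm -f "$backup"; return 1; }
    rm -f "$CONFIRM"      # a stale flag must not confirm the new rules
    trap '' HUP           # a dropped session must not stop the rollback

    if ! "$PFCTL" -f "$new"; then
        "$PFCTL" -f "$backup"; rm -f "$backup"; return 3
    fi

    echo "Loaded $new. From a NEW ssh login run: touch $CONFIRM" >&2
    waited=0
    while [ "$waited" -lt "$TIMEOUT" ]; do
        if [ -e "$CONFIRM" ]; then
            cp "$new" "$ACTIVE"           # candidate becomes the saved ruleset
            rm -f "$CONFIRM" "$backup"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # No confirmation: assume lockout and restore the previous rules.
    "$PFCTL" -f "$backup"
    rm -f "$backup"
    return 4
}

if [ "$#" -ge 1 ]; then pf_safe_load "$1"; fi
```
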
