Hi, What i do is to place, at the bottom of my firewall script, few more lines like this:
----------- (start of script) ... ... (various commands) echo "Finished" sleep 120 shutdown -r now ------------ (end of script) Once I see the finished echoed I kill (ctrl-C) the ongoing program. ---> For the gurus out there: Is there a problem on doing that? It has never let me down so far. Hope it helps. Rgds, Roberto Campos _______________________________________________________________ Meu Provedor Tecnologias e Informatica ltda. Rua Camerino, 128 Gr. 302 - Centro Rio de Janeiro - RJ - CEP 20080-010 Tel.: 21 - 25181011 Fax: 21 - 25181911 -----Mensagem original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Em nome de Tony Earnshaw Enviada em: ter�a-feira, 11 de junho de 2002 06:40 Para: Kjetil Kjernsmo Cc: [EMAIL PROTECTED] Assunto: Re: Too scared.... man, 2002-06-10 kl. 22:07 skrev Kjetil Kjernsmo: > I hope someone can take my paw and help me through the iptables setup, > because I'm a bit scared of the possibility of locking myself out of my > box... Den som intet v�ger, intet vinner :c) Do it. 1: Make sure that you have a cron/at job running that kills and restarts your firewall scripts at intervals known to you. If you only have a minimum of services, they are patched up to the last version and all is more or less safe, then a ten-minute gap now and then can't hurt until your routine is established; 2: If you're using ssh (which you are) to get to the machine, and since no-one can see what you're doing, cut out ftp and use scp - which also goes to port 22 and is *much* safer and better; 3: In your firewall script, build in a rule that only lets in your IP number - or, even better, if your admin machine uses Ethernet for the connection, your MAC number. I've done all this out of Utrecht in Holland to a slave DNS name server in Dortmund, Germany, including weekly scp backups and goodness knows what else. I had no possibility of getting to that machine, once it was placed, and everything worked perfectly for months - never ever went wrong. Just leave yourself a back door, if you need it, until you've gained the confidence you need. Best, Tonni Sogning -- Tony Earnshaw e-post: [EMAIL PROTECTED] www: http://www.billy.demon.nl gpg public key: http://www.billy.demon.nl/tonni.armor Telefoon: (+31) (0)172 530428 Mobiel: (+31) (0)6 51153356 GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981 3BE7B981
