Re: So many patches!
On Saturday 17 December 2005 07:35, curby . wrote:
> Within the last hour or so, I've gotten about 130 announcements of accepted patches/upgrades of packages on debian-changes. Before then, I'd only usually get a few such announcements per day. Is some backlog clearing up, did I miss some announcement, or is this otherwise expected or unexpected?

The release of 3.1r1 is being prepared so packages in the security archive are moving to the stable archive.
Re: hardening checkpoints
Hi,

>> */3 * * * * root iptables -A INPUT -i eth0 -p tcp -s MY_WORKSTATION_IP --dport 22 -j ACCEPT echo issued iptables cmd | mail -a From: [EMAIL PROTECTED] -s [iptables-keepalive] [EMAIL PROTECTED]
>>
>> That does 2 things:
>> 1. guarantees my access to the machine no matter how stupid I am configuring shorewall :)
>
> Actually, iptables -A INPUT will _append_ a rule to your INPUT chain (iptables(8)), and this won't help you if your connection is matched by an earlier blocking rule. To really make sure that you can reach the machine after a failed firewall-reconfiguration, replace -A with -I, which makes the rule inserted at the head of the chain, and hence, the first rule to be matched.

This also won't help you if you lock yourself out with a rule in the mangle or nat table. I think

iptables -t mangle -I PREROUTING 1 -i eth0 -p tcp -s $MY_WORKSTATION_IP --dport 22 -j ACCEPT

should be the better way to do it your way.

Bernd

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: hardening checkpoints
In article [EMAIL PROTECTED] you wrote:
> Actually, iptables -A INPUT will _append_ a rule to your INPUT chain (iptables(8)), and this won't help you if your connection is matched by an earlier blocking rule. To really make sure that you can reach the machine after a failed firewall-reconfiguration, replace -A with -I, which makes the rule inserted at the head of the chain, and hence, the first rule to be matched.

And don't forget to do this to the other tables, at least OUTPUT, also.

Regards,
Bernd
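The rule-ordering points raised in the two "hardening checkpoints" replies above, as an added example that is not part of the original messages: a simplified first-match model of the inbound netfilter path, showing where the keepalive rule has to sit to survive a blocking rule. The address, the rulesets and all function names are constructed for illustration; this is a model, not iptables itself, and it covers only the inbound direction.

```python
# Simplified first-match model of netfilter chains (added example; not real iptables).
# A rule is (source, dport, verdict); None is a wildcard. All values are constructed.
WORKSTATION = "192.0.2.10"                  # stands in for MY_WORKSTATION_IP
SSH_ACCEPT = (WORKSTATION, 22, "ACCEPT")    # the keepalive rule from the thread
# Order in which an inbound packet for a local process meets the chains.
INBOUND = [("mangle", "PREROUTING"), ("nat", "PREROUTING"),
           ("mangle", "INPUT"), ("filter", "INPUT")]

def chain_verdict(chain, pkt, policy="ACCEPT"):
    """Return the verdict of the first matching rule, else the chain policy."""
    for src, dport, verdict in chain:
        if src in (None, pkt["src"]) and dport in (None, pkt["dport"]):
            return verdict
    return policy

def traverse(ruleset, pkt, path):
    """Walk the (table, chain) hooks in order. DROP is final; ACCEPT only
    ends the current chain and the packet moves on to the next hook."""
    for hook in path:
        if chain_verdict(ruleset.get(hook, []), pkt) == "DROP":
            return "DROP at %s/%s" % hook
    return "ACCEPT"

def scenarios():
    """Verdicts for the workstation's SSH packet under five constructed rulesets."""
    ssh = {"src": WORKSTATION, "dport": 22}
    f_in, m_pre = ("filter", "INPUT"), ("mangle", "PREROUTING")
    drop_all = (None, None, "DROP")         # the misconfigured blocking rule
    return {
        # -A: keepalive rule lands after the blocking rule
        "append_filter": traverse({f_in: [drop_all, SSH_ACCEPT]}, ssh, INBOUND),
        # -I: keepalive rule lands at position 1
        "insert_filter": traverse({f_in: [SSH_ACCEPT, drop_all]}, ssh, INBOUND),
        # blocking rule lives in the mangle table; the filter rule is never reached
        "drop_in_mangle": traverse({m_pre: [drop_all], f_in: [SSH_ACCEPT]}, ssh, INBOUND),
        # keepalive inserted at the head of both chains
        "insert_both": traverse({m_pre: [SSH_ACCEPT, drop_all],
                                 f_in: [SSH_ACCEPT, drop_all]}, ssh, INBOUND),
        # keepalive only in mangle: ACCEPT there does not skip filter INPUT
        "mangle_only": traverse({m_pre: [SSH_ACCEPT], f_in: [drop_all]}, ssh, INBOUND),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:15} {verdict}")
```

The last case is the one to check on a real host: an ACCEPT in one table only ends that chain, so the rule has to be at the head of every chain the packet crosses.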