On Sat, Jun 06, 2020 at 10:30:58AM -0400, Alex wrote: > Hi, > > I have a shorewall-5.2.0.5 system on fedora and need to make some > changes. It's in a remote datacenter that would be difficult to access > if I locked myself out while making these changes. > > I see there are files that are used when shorewall is stopped, > started, and restored, but how can I build in a rule that ensures I'll > never be locked out from a particular IP? > > If I simply add an ALLOW rule from my IP to the "fw" destination, is > that enough? What else do I need to consider?
I can't promise it will work for your purposes, but I think you'd want to look at shorewall safe-start and safe-restart And maybe ADMINISABSENTMINDED https://shorewall.org/manpages/shorewall.conf.html https://shorewall.org/manpages/shorewall-stoppedrules.html -- Justin _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
