Hi,

> >> If I simply add an ALLOW rule from my IP to the "fw" destination, is
> >> that enough? What else do I need to consider?
> >
> > I can't promise it will work for your purposes, but I think you'd want to
> > look at shorewall safe-start and safe-restart
> >
> > And maybe ADMINISABSENTMINDED
> > https://shorewall.org/manpages/shorewall.conf.html
> > https://shorewall.org/manpages/shorewall-stoppedrules.html
> >
>
> In addition to the above, the Shorewall try (1) command might be worth a
> look.
>
> You could also first try your changes in a VM.

Great tips, thanks. I recall reading about ADMINISABSENTMINDED many years
ago. How about the ability to load a different policy? In other words, I
could set up a cron script to run at some point in the near future that
loads a different policy if I can't manually disable that cron script
before it actually executes because I've been locked out. Even something
that changes the policy to default-allow from my IP would probably be
enough.

> 1) https://shorewall.org/manpages/shorewall.html
>
> --
> Matt Darfeuille <[email protected]>
> Shorewall Project Committee, one of four core members
> https://sourceforge.net/p/shorewall/mailman/message/36596609/
> https://shorewall.org
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
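
The timed fallback asked about in the message above, sketched as an added example (not part of the original thread and not Shorewall project code): a sentinel-file dead-man's switch that cron polls. The sentinel path, the script path in the crontab comment and the known-good configuration directory are assumptions made for this sketch; the rollback uses `shorewall restart` with a directory argument.

```shell
#!/bin/sh
# Added example: dead-man's switch for a remote firewall change.
# Assumed names (not from the thread): SENTINEL path, known-good config
# directory, and the script path used in the crontab line below.
#   * * * * * root /usr/local/sbin/fw-deadman check
SENTINEL="${SENTINEL:-/run/fw-rollback.armed}"
ROLLBACK_CMD="${ROLLBACK_CMD:-shorewall restart /etc/shorewall.known-good}"

# arm [seconds]: record the epoch time at which rollback becomes due.
# Run this BEFORE applying the risky change.
arm() {
    delay="${1:-300}"
    echo $(( $(date +%s) + $delay )) > "$SENTINEL"
}

# disarm: run once you have confirmed you can still log in.
disarm() {
    rm -f "$SENTINEL"
}

# check: called from cron. Returns 0 after a successful rollback,
# 1 if not armed or not yet due, 2 if the rollback command failed.
check() {
    [ -f "$SENTINEL" ] || return 1
    due=$(cat "$SENTINEL")
    # An empty or corrupt sentinel fails towards rolling back now.
    case "$due" in ''|*[!0-9]*) due=0 ;; esac
    [ "$(date +%s)" -ge "$due" ] || return 1
    if $ROLLBACK_CMD; then
        rm -f "$SENTINEL"    # one-shot: do not roll back again
        return 0
    fi
    return 2                 # stay armed so the next cron run retries
}

case "${1:-}" in
    arm)    arm "${2:-300}" ;;
    disarm) disarm ;;
    check)  check ;;
esac
```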
