Hi,

> >> If I simply add an ALLOW rule from my IP to the "fw" destination, is
> >> that enough? What else do I need to consider?
> >
> > I can't promise it will work for your purposes, but I think you'd want to
> > look
> > at shorewall safe-start and safe-restart
> >
> > And maybe ADMINISABSENTMINDED
> > https://shorewall.org/manpages/shorewall.conf.html
> > https://shorewall.org/manpages/shorewall-stoppedrules.html
> >
>
> In addition to the above, the Shorewall try (1) command might be worth a
> look.
>
> You could also first try your changes in a VM.

Great tips, thanks. I recall reading about ADMINISABSENTMINDED many years ago. How about the ability to load a different policy? In other words, I could set up a cron script to run at some point in the near future that loads a different policy if I can't manually disable that cron script before it actually executes because I've been locked out. Even something that changes the policy to default-allow from my IP would probably be enough.

>
> 1) https://shorewall.org/manpages/shorewall.html
>
> --
> Matt Darfeuille <m...@shorewall.org>
> Shorewall Project Committee, one of four core members
> https://sourceforge.net/p/shorewall/mailman/message/36596609/
> https://shorewall.org
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
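
The timed fallback asked about in the message above, as an added example (not from the thread or the Shorewall project): a cron-driven dead-man's switch that reloads a known-good configuration directory with `shorewall restart <directory>` unless it is disarmed first. The flag path, fallback directory, install path and function names are assumptions.

```shell
#!/bin/sh
# Dead-man's switch for a risky Shorewall change (constructed example).
# Hypothetical paths, adjust to your system:
FLAG="${FLAG:-/run/shorewall-deadman.armed}"            # holds the rollback deadline
FALLBACK_DIR="${FALLBACK_DIR:-/etc/shorewall.fallback}" # known-good config directory
SHOREWALL="${SHOREWALL:-shorewall}"                     # overridable for dry runs

# Arm: store a deadline (epoch seconds) N minutes from now, default 10.
deadman_arm() {
    minutes="${1:-10}"
    echo $(( $(date +%s) + minutes * 60 )) > "$FLAG"
}

# Disarm: run once you have confirmed you can still log in.
deadman_disarm() {
    rm -f "$FLAG"
}

# Fire: run from cron every minute. Optional $1 overrides "now" (epoch seconds).
# Returns 0 = rolled back, 1 = nothing to do, 2 = rollback failed (stays armed).
deadman_fire() {
    [ -f "$FLAG" ] || return 1
    now="${1:-$(date +%s)}"
    deadline=$(cat "$FLAG")
    case "$deadline" in
        ''|*[!0-9]*) deadline=0 ;;  # unreadable deadline: fail safe, roll back now
    esac
    [ "$now" -ge "$deadline" ] || return 1
    if $SHOREWALL restart "$FALLBACK_DIR"; then
        rm -f "$FLAG"               # one-shot: do not keep reloading the fallback
        return 0
    fi
    return 2
}

# Cron entry (hypothetical install path):
#   * * * * * root /usr/local/sbin/shorewall-deadman fire
case "${1:-}" in
    arm)    deadman_arm "${2:-10}" ;;
    disarm) deadman_disarm ;;
    fire)   deadman_fire || [ $? -eq 1 ] ;;
esac
```

Populate the fallback directory with a configuration that allows your own IP, arm the switch before applying the change, and disarm it after confirming access from a fresh session.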