Wednesday 25 September 2013

Stupid but sometimes useful iptables trick

OK, so you want to secure your off-site server using iptables. This is always a good thing to do.


One of the things I highly recommend is to restrict the incoming IPs on whatever port you use for management, so that it can only be reached from your own networks.

But if you start messing with the iptables rules for port 22 (for example) and make a tiny slip-up, you can lock yourself out. If the machine is sitting next to you (under your desk or in your on-site server rack) you can walk over, hook up a screen and keyboard and fix it... but if it's in a datacenter somewhere, you've got a problem. With a physical machine all you can do is get an engineer to help you out (expensive) or hard-reboot the machine (not nice).

The trick: let's say we're starting at 2 in the afternoon and we think we have about 15 minutes of work.
So we schedule a restore of the current ruleset in 20 minutes.
As root (obviously) do:

$ iptables-save > /home/user/iptables.conf
$ at 14:20
at> iptables-restore < /home/user/iptables.conf
   ctrl-D to save the job and quit

Now check that your job is scheduled (and make sure atd is actually running, otherwise the job will never fire):
$ atq
1       Wed Sep 25 14:20:00 2013 a root


Start messing with your iptables rules.
If something goes wrong, wait for the scheduled restore: the saved ruleset comes back and you can log in again.

If nothing goes wrong (congrats), remove the job with:
$ atrm 1
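The same safety net wrapped into an arm/disarm script, as an added example that is not part of the original post. It assumes iptables-save, iptables-restore, at, atq and atrm are installed and atd is running; the SNAPSHOT and JOBFILE paths are assumptions chosen here, not paths from the post.

```shell
#!/bin/sh
# Added example, not code from the original post: snapshot the live ruleset,
# queue its restore with at, and cancel the job once the change is confirmed.
# Assumes iptables-save/iptables-restore and at/atq/atrm exist and atd runs.
SNAPSHOT="${SNAPSHOT:-/root/iptables.safety.conf}"   # assumed path
JOBFILE="${JOBFILE:-/root/iptables.safety.job}"      # assumed path

# "at" reports the queued job on stderr as: job 1 at Wed Sep 25 14:20:00 2013
# Pull the numeric id out of that line so the job can be cancelled later.
at_job_id() {
    printf '%s\n' "$1" | awk '/^job [0-9]+ at/ { print $2; exit }'
}

# atq lists jobs as: 1       Wed Sep 25 14:20:00 2013 a root
# Return 0 if the given id is still queued in that listing.
job_is_queued() {
    printf '%s\n' "$2" | awk -v id="$1" '$1 == id { found = 1 } END { exit !found }'
}

# Snapshot the live ruleset and queue its restore N minutes from now.
arm() {
    minutes="${1:-20}"
    iptables-save > "$SNAPSHOT" || return 1
    out=$(printf 'iptables-restore < %s\n' "$SNAPSHOT" \
          | at "now + $minutes minutes" 2>&1) || return 1
    id=$(at_job_id "$out")
    [ -n "$id" ] || { echo "could not find job id in: $out" >&2; return 1; }
    echo "$id" > "$JOBFILE"
    # Confirm the job really landed in the queue before touching any rules.
    job_is_queued "$id" "$(atq)" || return 1
    echo "restore job $id armed for $minutes minutes from now"
}

# Everything went fine: cancel the pending restore.
disarm() {
    id=$(cat "$JOBFILE") && atrm "$id" && rm -f "$JOBFILE" \
        && echo "restore job $id cancelled"
}

case "${1:-}" in
    arm)    arm "$2" ;;
    disarm) disarm ;;
esac
```

Run `./safety.sh arm 20` before editing rules and `./safety.sh disarm` once you have confirmed you can still log in.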
