by neosavvy 2669 days ago
Man I think I used this software back when I was working out of my closet back in 2004 trying to finish school. This was a nice abstraction on top of IPTables.

I definitely remember screwing up rules which caused me to have to drive to the data center about 15 miles from my house after kicking myself out of machines I was SSH'd into.


You're giving me flashbacks to working on ASAs and issuing a "reboot 15" before making config changes, so that the device would reboot into the last config if you locked yourself out. And those were still in the same building!
How would it reboot on the old config if you had just changed it?
Cisco devices have a "running config" in volatile memory and a "startup config" on persistent storage. You can modify the running config without committing the change to the startup config.
Because iptables changes aren't persistent unless you write them to some file that gets loaded at bootup.
Been a long time, but doesn't `write conf` write the config to NVRAM?
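The safety nets discussed here (a timer that reverts to the last known-good configuration, plus a standing allow rule for the admin's own address) translate directly to iptables. The script below is an added example, not code from this thread or from Shorewall: it refuses to load a ruleset that lacks an SSH allow rule for the admin IP, snapshots the live rules with `iptables-save`, and arms a background rollback that restores the snapshot unless the admin cancels it. The sample rulesets and the address 203.0.113.10 are constructed; `apply_with_rollback` assumes root and a working `iptables-restore`.

```shell
#!/bin/sh
# Safety net for editing iptables over SSH (constructed example, not code from the thread).
# Before loading a new ruleset: (1) confirm it still admits the admin's SSH session,
# (2) snapshot the live rules, (3) arm a timer that restores the snapshot unless cancelled.

# Return 0 when RULES_FILE (iptables-save format) has an INPUT rule accepting
# tcp/22 from ADMIN_IP, i.e. a standing allow rule for the admin's own address.
ruleset_keeps_admin_ssh() {
    rules_file=$1
    admin_ip=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    grep -E -e "^-A INPUT .*-s ${admin_ip}(/32)? .*--dport 22 .*-j ACCEPT" "$rules_file" >/dev/null
}

# Load NEW_RULES with an automatic rollback after TIMEOUT seconds (default 300).
# Requires root and iptables; kill $ROLLBACK_PID once you have confirmed SSH still works.
apply_with_rollback() {
    new_rules=$1; admin_ip=$2; timeout=${3:-300}
    ruleset_keeps_admin_ssh "$new_rules" "$admin_ip" || {
        echo "refusing to load $new_rules: no SSH ACCEPT rule for $admin_ip" >&2
        return 2
    }
    snapshot=$(mktemp) || return 1
    iptables-save > "$snapshot" || return 1
    ( sleep "$timeout" && iptables-restore < "$snapshot" ) &   # the revert-on-timer safety net
    ROLLBACK_PID=$!
    iptables-restore < "$new_rules" || { kill "$ROLLBACK_PID"; iptables-restore < "$snapshot"; return 1; }
    echo "new rules live; run 'kill $ROLLBACK_PID' within ${timeout}s to keep them"
}

# Constructed sample rulesets: one keeps 203.0.113.10 (a documentation address) on tcp/22,
# the other forgets it, which is exactly the lockout mistake the thread describes.
GOOD_RULES=$(mktemp); BAD_RULES=$(mktemp)
cat > "$GOOD_RULES" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
cat > "$BAD_RULES" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
```

Because the pre-check runs before anything touches the kernel, a bad ruleset is rejected without needing iptables at all; the rollback timer only matters for rulesets that pass the check but still break access in some other way.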
If I recall correctly he added a safety net that I set up after doing this a few times.

I'd be SSH'd in and restart the rules, then the SSH session would hang. I was actively modifying rules and hey look, I was a noobie sysadmin!

I made dumb mistakes back then. I believe that's when I made a catch all rule for my home IP on ssh in and out.

Regardless, thanks Tom!

>after kicking myself out of machines I was SSH'd into

I still remember my first 'ifconfig eth0 down' over ssh!

I bet you learned to give yourself alternatives back in, right?
First thing on shorewall was always to set ADMINISABSENTMINDED=Yes :)