[dharmab]

You're giving me flashbacks to working on ASAs and issuing a "reboot 15" before making config changes, so that the device would reboot into the last config if you locked yourself out. And those were still in the same building!

[riffraff]

How would it reboot on the old config if you had just changed it?

[dharmab]

Cisco devices have a "running config" in volatile memory and a "startup config" on persistent storage. You can modify the running config without committing the change to the startup config.

[mirimir]

Because iptables changes aren't persistent unless you write them to some file that gets loaded at bootup.

[srmatto]

Been a long time, but doesn't `write conf` write the config to NVRAM?

[neosavvy]

If I recall correctly he added a safety net that I setup after doing this a few time.

I'd be SSHd in and restart the rules, then the SSH session would hang. I was actively modifying rules and hey look I was a noobie sysadmin!

I made dumb mistakes back then. I believe that's when I made a catch all rule for my home IP on ssh in and out.

Regardless, thanks Tom!