Re: Ugh.
  By: Sean Dennis to All on Thu Jan 20 2022 07:42 pm

 > Note to self: don't set up ipfw and fail2ban without testing everything
 > first and locking yourself out of your computer.
 > 
 > I now have to get my PS/2 keyboard plugged into the server, boot into
 > single-user mode, mount the hard drive and uneff rc.firewall.  *rolls eyes*
 > 
 > This is what I get for rushing things when I am tired ...
 > 
 > But at least I learned a lesson.
 > 
 > -- Sean
 > 

You are nobody until you accomplish one of the following things:

* You lock yourself out of a server located in another continent, with no
sideband console access.
* A picture of your horses appears in a reputable magazine.
* You have so much money that girls come to you, instead of you having to chase
the girls.

I have scored 1 of 3, so not bad.

Now seriously, when doing firewall stuff it is a good idea to set a master
whitelist for the administration ports and ips so you never get badly locked
out :-)

First rule in every firewall should be something like

pass in quick from $trusted_computer to self port $administrative_service

(This assumes the administrative service is hard enough to deal with incomming
connections from spoofed sources that try to pretend they are the
$trusted_computer. Bets done if the $trusted_computer is in the same LAN and
you are using static arp to mitigate spoofing)

--
gopher://gopher.richardfalken.com/1/richardfalken
--- SBBSecho 3.14-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)