iptables rollback scheduler
a safe way to apply firewall rulesets
- your personal iptables parachute
Have you ever modified your iptables ruleset lost in thought,
just to find yourself locked out from your system after hitting return?
The iptables rollback scheduler is a simple solution for this problem:
It rolls back your ruleset to a saved state after a given period of time,
if you do not cancel the rollback timer after your modification.
Think of it as a kind of "Dead Man's Switch" for iptables administration.
This is how it works:
Before you start to modify your ruleset you tell the scheduler the time
in seconds you need before the rollback will save your ass.
Your current ruleset is saved into a tempfile. Other solutions
simply overrule your ruleset by flushing the chains and setting their
default policy to ACCEPT (iptables' "allow everything"), which opens your system to everybody.
To avoid this, the scheduler restores the ruleset to the state it was in when you scheduled the rollback.
If you succeeded with your modifications AND are still connected to the server
you just cancel the scheduler and get yourself a coffee.
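The following script is an added illustration of the dead man's switch described above, written for this page and not the project's own code. It assumes POSIX sh, root privileges and iptables-save/iptables-restore in PATH; the variable names IPTABLES_SAVE, IPTABLES_RESTORE and ROLLBACK_STATE are my own and exist only so the timer logic can be exercised without touching a live firewall.

```shell
#!/bin/sh
# Added illustration of the rollback idea described above; not the project's own code.
# Assumptions: POSIX sh, root privileges, iptables-save/iptables-restore in PATH.
# The three variables below can be overridden from the environment (e.g. for a dry run).
: "${IPTABLES_SAVE:=iptables-save}"
: "${IPTABLES_RESTORE:=iptables-restore}"
: "${ROLLBACK_STATE:=${TMPDIR:-/tmp}/iptables-rollback.state}"

# schedule_rollback SECONDS: snapshot the live ruleset and arm a timer that
# restores it after SECONDS unless cancel_rollback is called first.
schedule_rollback() {
    secs="$1"
    if [ -f "$ROLLBACK_STATE" ]; then
        echo "a rollback is already scheduled; cancel it first" >&2
        return 1
    fi
    snapshot=$(mktemp) || return 1
    # Save the real ruleset; restoring it later is what keeps the host closed,
    # unlike a flush plus ACCEPT policy.
    "$IPTABLES_SAVE" > "$snapshot" || { rm -f "$snapshot"; return 1; }
    (
        sleep "$secs"
        # Restore only if this timer is still the active one (cancel removes the state file).
        if [ -f "$ROLLBACK_STATE" ] && grep -qF "$snapshot" "$ROLLBACK_STATE"; then
            "$IPTABLES_RESTORE" < "$snapshot" && rm -f "$ROLLBACK_STATE"
        fi
        rm -f "$snapshot"
    ) &
    printf '%s %s\n' "$!" "$snapshot" > "$ROLLBACK_STATE"
    echo "rollback armed: ruleset will be restored in ${secs}s (pid $!)"
}

# cancel_rollback: disarm the timer (call this once you confirmed you are still connected).
cancel_rollback() {
    [ -f "$ROLLBACK_STATE" ] || { echo "no rollback scheduled" >&2; return 1; }
    read -r pid snapshot < "$ROLLBACK_STATE"
    rm -f "$ROLLBACK_STATE"          # removing the state file is what disarms the timer
    kill "$pid" 2>/dev/null || true  # timer may already have fired; that is fine
    rm -f "$snapshot"
    echo "rollback cancelled"
}

case "${1:-}" in
    schedule) schedule_rollback "${2:-60}" ;;
    cancel)   cancel_rollback ;;
esac
```

Typical use is `sh rollback.sh schedule 120` before editing, then `sh rollback.sh cancel` from the same box once the new ruleset is confirmed to still let you in.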
System Prerequisites:
For all of these features we use core system applications
and tools, as well as iptables tools installed by default.
Therefore you should be able to use it on any Linux
system running iptables.
If you happen to test it successfully on a distribution not mentioned below,
please let me know since I am happy to expand the list of supported distributions.
Tested on:
Debian: 3.1 (Sarge), 4.0 (Etch), 5.0 (Lenny)