This is the comment you were replying to, attached to the article Struggling to implement PCI compliance:
Re: Struggling to implement PCI compliance
Posted by rubasov (84.3.xx.xx) on Fri 14 Mar 2008 at 17:00
Just my two cents on dealing with remote firewalls (to avoid lockouts):

Suppose you have your Debian init.d-style firewall script named /etc/init.d/pf. You are sure (== tested another way) that calling it with the argument 'stop' works in any circumstances.

Then create a file containing the following lines:
remote-pf.sh:
#! /bin/bash
# Apply the requested action (start or restart) with the real firewall script.
/etc/init.d/pf "$1"
ANSWER=''
echo 'If you are _able_ to answer y, it will be safe to do that.'
echo -n "Keep the current firewall rules (press 'y' or wait for timeout)? "
# Wait at most five seconds; on timeout read fails and ANSWER stays empty.
read -t5 ANSWER
# Anything other than an explicit 'y' (an 'n', another key, or the timeout)
# reverts to the known-good state.
if [ "$ANSWER" != "y" ]
then
  /etc/init.d/pf stop
fi
You can call this script:
bash remote-pf.sh start, or
bash remote-pf.sh restart

It will apply the new firewall rules, then ask you whether to keep them. If you answer 'y', then we're done with the new config, but if you answer 'n', or you cannot answer in five seconds, then it will revert the settings to a known, clean state.
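The same safety net, written as an added example rather than rubasov's script, with one change of design: the revert is scheduled in a detached timer process before the prompt is shown, so the rules are rolled back even if the shell running the script is killed (for instance by SIGHUP once the cut connection is finally torn down) before its prompt can time out. It assumes, as the comment does, that FW_SCRIPT is an init-style script accepting start/restart/stop (default /etc/init.d/pf) and that 'stop' is known to leave the host reachable; FW_SCRIPT, TIMEOUT, schedule_revert and apply_with_safety_net are names chosen here, not part of any Debian tooling.

```shell
#!/bin/sh
# Added example: apply a firewall change with a detached revert timer.
# Assumptions: FW_SCRIPT accepts start/restart/stop and 'stop' is the
# known-safe state (defaults match the comment above, override for testing).
FW_SCRIPT="${FW_SCRIPT:-/etc/init.d/pf}"
TIMEOUT="${TIMEOUT:-60}"

# Start a detached timer that runs "$FW_SCRIPT stop" after $1 seconds unless
# it is killed first; prints the timer's PID so the caller can cancel it.
# Output goes to /dev/null so the command substitution below does not block.
schedule_revert() {
    nohup sh -c "sleep $1 && \"$FW_SCRIPT\" stop" >/dev/null 2>&1 &
    echo $!
}

# Apply the requested action, then keep the rules only on an explicit 'y'.
# Any other answer, EOF (session gone) or the timer expiring reverts.
# Returns 0 when kept, 1 when the apply itself failed, 2 when reverted.
apply_with_safety_net() {
    action="$1"
    "$FW_SCRIPT" "$action" || return 1
    timer=$(schedule_revert "$TIMEOUT")
    printf 'Applied "%s %s". Keep these rules? [y/N] (auto-revert in %ss) ' \
        "$FW_SCRIPT" "$action" "$TIMEOUT"
    answer=''
    read -r answer
    if [ "$answer" = "y" ]; then
        kill "$timer" 2>/dev/null
        echo "Kept."
        return 0
    fi
    # 'n', any other key, or EOF: revert now instead of waiting for the timer.
    kill "$timer" 2>/dev/null
    "$FW_SCRIPT" stop
    echo "Reverted."
    return 2
}

# Stand-alone use:  ./safe-pf.sh start   or   ./safe-pf.sh restart
if [ -n "$1" ]; then
    apply_with_safety_net "$1"
fi
```

Keeping the timer separate from the prompt also makes the prompt itself optional: a non-interactive run (stdin at EOF) reverts straight away, which is the safe default when nobody is there to confirm.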
