From: Mark Knecht
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] modifying iptables: how can I prevent locking me out?
Date: Mon, 24 Jan 2011 10:59:16 -0800
In-Reply-To: <4D3DC94F.4020904@gmail.com>
List-Id: Gentoo Linux mail

On Mon, Jan 24, 2011 at 10:47 AM, Jarry wrote:
> Hi,
>
> I have to change rather complex iptables rules on server
> and I do not want to lock me out as this server is about
> 50 miles away. So how should I do it?
>
> I can back up the old rules by running:
> /etc/init.d/iptables save
> and it will be saved to /var/lib/iptables/rules-save
> (some strange format starting with number like [536:119208])
>
> I prepared a script with new (modified) iptables-rules,
> which I will run in bash. But in case I screw something,
> how could I force netfilter to load old saved rules,
> if I for whatever reason do not connect to server (ssh)?
>
> Or can I load new iptables-rules for certain time, and
> then force netfilter to load back the old rules again?
>
> Jarry
>

Maybe a cron job that no matter what reloads the old rules 1 hour later?

- Mark
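
Added example, not part of either message in this thread: one way to implement the timed rollback discussed above, using a background timer in place of the cron job so the rollback can be cancelled once a fresh login succeeds. `iptables-save` and `iptables-restore` are the standard tools; the variable names, the file names under `/var/lib/iptables` and the function names are assumptions.

```sh
#!/bin/sh
# Added example: apply new iptables rules with a timed automatic rollback.
# iptables-save / iptables-restore are the real tools; the variables, file
# names and function names below are assumptions made for this sketch.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}
STATE_DIR=${STATE_DIR:-/var/lib/iptables}   # directory mentioned in the thread
BACKUP=$STATE_DIR/rules-rollback            # hypothetical snapshot file
PIDFILE=$STATE_DIR/rollback.pid             # hypothetical timer pid file

# usage: apply_with_rollback <new-rules-script> <seconds-until-rollback>
apply_with_rollback() {
    new_rules=$1 delay=$2
    # 1. Snapshot the running rule set; stop if the snapshot is unusable.
    "$IPT_SAVE" > "$BACKUP" || return 1
    [ -s "$BACKUP" ] || return 1
    # 2. Arm the rollback BEFORE touching the rules. Ignoring SIGHUP lets the
    #    timer outlive the ssh session if the new rules cut it off.
    ( trap '' HUP
      sleep "$delay"
      "$IPT_RESTORE" < "$BACKUP"
      rm -f "$PIDFILE" ) >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
    # 3. Apply the new rules; a failure here still leaves the timer armed.
    sh "$new_rules"
}

# Run this from a NEW ssh login: getting that far proves the new rules still
# admit you. It cancels the pending rollback; fails if none is pending.
confirm_rules() {
    [ -f "$PIDFILE" ] || return 1
    kill "$(cat "$PIDFILE")" 2>/dev/null && rm -f "$PIDFILE"
}

case "${1:-}" in
    apply)   apply_with_rollback "$2" "${3:-3600}" ;;  # default: the 1 hour from the reply
    confirm) confirm_rules ;;
esac
```

Run it as root with `apply <new-rules-script> [seconds]`, then open a second ssh session and run it with `confirm`; if that second login never succeeds, the saved rules come back when the timer expires.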