On Ma, 02 aug 11, 15:20:27, Paul Stuffins wrote: > > I have decided to go with Shorewall as it seems that it is fairly simple to > implement. > > While that may be the case, I just want to check my setup before I enable it > and lock myself out of the server.
Just for the archives: the default shorewall.conf has ADMINISABSENTMINDED=Yes which means it won't cut any *existing* (ssh) connections, even if the new rule(s) would not allow them. This allows one to changes the firewall and still fix things from the existing session. It doesn't help much if you have flacky internet and/or power though. Hope this helps, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
signature.asc
Description: Digital signature
