Save my own neck after network changing mistake

Sometimes, after making some (incorrect) network-related changes, I find myself locked out of the Linux server that I am trying to configure. A couple of examples are SSH configuration and iptables rule changes.

If the server is remote, say hosted by someone else, I'll have to contact support to have the change reversed, which can be time consuming and quite embarrassing :) as well.

One way to undo the mistake is to schedule a change reversion just before the change and let it run a few minutes after. In this way, whatever change has been made will be changed back if the change was not successful. Of course if the change is good, I can cancel the job.

For the ssh config change, I can schedule this job before I restart the ssh service:

at now + 3 minutes <<< 'cp /etc/ssh/sshd_config.backup /etc/ssh/sshd_config; service sshd restart'

A backup copy of the original sshd_config (sshd_config.backup here) needs to exist, of course.

For the iptables change, a similar job can be scheduled as below:

at now + 3 minutes <<< 'iptables -F'

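If you don't like keeping your system wide open, you can always run this instead. (Note that iptables -F only removes rules and leaves the chain policies alone, so it opens the system up only if the default policies are ACCEPT.)

at now + 3 minutes <<< '/path/to/iptables_firewall_orig.sh'

This assumes iptables_firewall_orig.sh exists somewhere (which is highly recommended).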
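
The same safety net for both the sshd and the iptables case, wrapped in functions that keep the at job number so the revert can be cancelled once the change is confirmed good. This is an added example, not part of the original post; the function names and the snapshot path /root/iptables.pre-change are assumptions.

```bash
#!/bin/sh
# Added example. Function names and paths are assumptions, not from the post.

# at(1) reports "job <N> at <date>" on stderr; pull out N so the job can be cancelled.
parse_at_job() { sed -n 's/^job \([0-9][0-9]*\) at .*/\1/p'; }

# Revert command for a config file with a known-good "<file>.backup" beside it.
revert_cmd() { printf 'cp -p %s.backup %s; service %s restart' "$1" "$1" "$2"; }

# schedule_revert MINUTES COMMAND: prints the at job number, fails if none was created.
schedule_revert() {
    at_out=$(printf '%s\n' "$2" | at now + "$1" minutes 2>&1) || return 1
    at_job=$(printf '%s\n' "$at_out" | parse_at_job)
    [ -n "$at_job" ] && printf '%s\n' "$at_job"
}

# Run after editing sshd_config, instead of restarting sshd by hand.
guarded_sshd_restart() {
    cfg=/etc/ssh/sshd_config
    [ -f "$cfg.backup" ] || { echo "missing $cfg.backup" >&2; return 1; }
    sshd -t -f "$cfg" || { echo "syntax check failed, not restarting" >&2; return 1; }
    job=$(schedule_revert 3 "$(revert_cmd "$cfg" sshd)") || return 1
    service sshd restart
    echo "Open a NEW ssh session; if it works, cancel with: atrm $job"
}

# guarded_iptables CMD [ARGS...]: snapshot live rules, schedule restore, then run CMD.
guarded_iptables() {
    snap=/root/iptables.pre-change      # assumed snapshot location
    iptables-save > "$snap" || return 1
    # iptables-restore puts back chain policies as well as rules.
    job=$(schedule_revert 3 "iptables-restore < $snap") || return 1
    "$@"
    echo "If you still have access, cancel with: atrm $job"
}
```

Keep the current session open while testing from a second one; atq lists the pending revert if the job number gets lost.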
