It happened to me when I was configuring IP geoblocking: Only whitelist IP ranges are allowed. That was fetched from a trusted URL. If the DNS provider just happened to not be on that list, the whitelist would become empty, blocking all IPs. Literally 100% proof firewall; not even a ping gets a pass.

kingthrillgore
link
fedilink
310M

this is me dealing with ZScaler at work

TurboWafflz
link
fedilink
2510M

I accidentally put all the interfaces on my router running openwrt into the wrong firewall zone so now I can’t access it via ssh or the web interface. I already had it configured though and it still works so I’m just ignoring the problem until something breaks

There is nothing more perminant than a temporary solution.

Ignotum
link
fedilink
10
edit-2
10M

“i’ll fix that later”
Narrator: “they never did”

Maybe you can put aside a day which has nothing else going on so you can sit down and fix it before it breaks.

idunnololz
link
fedilink
810M

It’s super secure though, not even you have access!

I know I forgot to reactivate my firewall yesterday, but I’m too scared of getting locked in to do it remotely. I have physical access to it, but gotta wait after work

7heo
link
fedilink
510M

ufw is not a good software. I really tried to work with it. My solution was to disable it.

It’s better than raw iptables / nftables though.

7heo
link
fedilink
3
edit-2
10M

Not IMHO no. By far.

Happened to me in work once… I was connected via SSH to one of our test machines, so I could test connection disruption handling on a product we had installed.

I had a script that added iptables rules to block all ports for 30 seconds then unblock them. Of course I didn’t add an exception for port 22, and I didn’t run it with nohup, so when I ran the script it blocked the ports, which locked me out of SSH access, and the script stopped running when the SSH session ended so never unblocked the ports. I just sat there in awe of my stupidity.

Out of curiousity, how would nohup make your situation different? As I understand, nohup makes it possible to keep terminal applications running even when the terminal session has ended.

the script stopped running when the SSH session ended so never unblocked the ports

@octopus_ink@lemmy.ml
link
fedilink
English
610M

If the script was supposed to wait 30 secs and then unblock the ports, running with nohup would have allowed the ports to be unblocked 30 secs later. Instead, the script terminated when the SSH session died, and never executed the countdown nor unblock.

Thanks for the elaborate answer!

@octopus_ink@lemmy.ml
link
fedilink
English
310M

Any time! :)

THCDenton
link
fedilink
110M

deleted by creator

Connects a monitor and a keyboard to the Raspberry Pi

it’s become self aware and is always blocking ports 22 & 23.

Optional
link
fedilink
110M

deleted by creator

Create a post

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

  • Posts must be relevant to programming, programmers, or computer science.
  • No NSFW content.
  • Jokes must be in good taste. No hate speech, bigotry, etc.
  • 1 user online
  • 5 users / day
  • 20 users / week
  • 98 users / month
  • 433 users / 6 months
  • 1 subscriber
  • 948 Posts
  • 3.34K Comments
  • Modlog