This is a joke, I didn’t really lock myself out
good reason to take a day out, will tell it to my boss.
No connection, no hackers.
Nice drive to clear your head.
I’ll always be grateful for the firewalls like OpenWRT that will automatically revert any changes if you don’t log back in after a few minutes (at least on the web interface). I’m not proud of how many times that’s saved me.
Happened to me once. Had a little Pi at my parent’s house and that was a nice excuse to visit them.
Except when you get there and don’t want to talk or do all the meeting and greeting until you know the server still works.
deleted by creator
even worse. I regularly have to get up out of my chair and go down 2 stairs.
Also this took a while to find, but : https://sourceforge.net/p/shorewall/svn/HEAD/tree/branches/4.2/Samples/one-interface/shorewall.conf
ADMINISABSENTMINDED=YesIs an actual setting in the config for the (now apparently unmaintained) Shorewall Firewall software/tool for linux.
If I remember correctly, it always checks on firewall rule changes if there is an active connection on port 22, and adds a special rule at the end to maintain that connection.
They don’t build them like they used to anymore.
They don’t build them like they used to anymore.
Well if we did, the way it works would be by telling a chatbot to enable ssh on port 22 at the end.
Before you make a change, do this in a screen-session:
sleep 300 && iptables-restore old_fw_rules.bak
permission denied
fuuuu
Found the debian user.
user permissions is a debian thing now?
A long time ago, Debian 8 or so it was a bug with Debian. Something about the command running without root despite the sudo command.
Yeah except it would be iptables-restore < old_fw_rules.bak
Fun fact: When you do iptables-save, you have to redirect the output if you want to save it to a file. But when you use iptables-restore, you don’t need to pipe it back in, you can just use the filename!
It wasn’t always that way. At one time you had to so I still do.
Totally! I still catch myself doing that sometimes. Old habits die hard
Doing this is a right of passage.
Believe it or not, “rite” is the, uh, right, word here.
Messing up the spelling is a wrong of passage.
I don’t belief it.
Just breath!
deaths
deaths nuths
You have a right to pass once you’ve done this rite of passage.
Believe it or not, straight to jail
Almost the same thing happened to me. I accidentally fucked up the internet connection in my home while in Japan, and I had to video call my mom to have her fix it. It was a pain for both of us, but thankfully it went rather smoothly. Thank you mom!
Do you mind explaining the details? I’m trying to learn as much as possible!
Most corporate network devices like Cisco will reset their config to the one written in memory when they lose power.
So in that case, just unplug and replug them to restore to previous config.
Just make sure you write your new config to memory or it will reset when there is ever a power failure.
So I connected through ssh back home to fiddle with the router settings, and in the PPPoE settings (where you set a pair of username and password that your router sends to the ISP such that the ISP knows you and knows what IP to assign to you) I made a typo, and apparently that instantly killed the internet connection at home and also for me. I had to call my mom to instruct her to fix the typo in the username. TBH I don’t know that much about PPPoE either, I only do it so that the ISP assigns us the same IP address every time.
Real servers have lights out management and management networks.
I’d rather plug in a screen with VGA than deal with HPE iLO 4
Serial terminal servers (sometimes called terminal console servers) are a thing for a reason.
Networking noob here; what, pray tell, is HPE iLO4… or do I want to even know?
Edit: Never mind. Found it. HP… shudders
“In December 2021 Iranian researchers at Amnpardaz security firm have discovered rootkits in HPE’s iLO (Integrated Lights-Out) management modules.”
Because of course lol
I keep a Windows 2008 w Java 6 VM on ice for administering old Java console shit like that.
The VM is unsafe as hell. Completely virgin unpatched. The only protection is that I don’t give it a gateway or dns, and I shut it down when its not in use.
And it works. Old Java shit can still be used.To be honest, HPE iLO 6 isn’t too bad, if you’re using the GUI. It’s the API that remains really broken in many places.
Sounds like an issue draling with .NET or JRC console.
Are you on the nosz up to date firmware?I remember there being the option of using HTML or a Java applet, I chose the former
If you have the HTML5 option you should be on a pretty recent firmware.
Interesting that you’d prefer going (literally) analog connection rather than over the IPMI.
The latest version of iLO4 is from 2023
You know, I wanted to say “Bet!” and proove your wrong as I couldnt believe they never went past 2023 for the firmware.
Turns out that was the latest.But I do know they have more recent firmware uploads for the UEFI than 2023. ^(A year younger but no less nore recent/s)
What’s really fun is hearing “oh shit” from the UPS maintenance tech followed by darkness and silence.
Console
Fuck, that is really good wordplay.
Most secure box is the one that does nothing.
Classic.
Love Hetzner. If something like that were to happen to me they can hook up a remote console accessible through their web interface.
Many hosting providers have a remote console feature.
Since that happens to the best of us, I envision writing a wrapper script around {n,}pfctl that asks for confirmation upon detecting that you’re logged in via ssh through a specific port AND detecting that the new rules would block that port.
VMware does this with its virtual networking. If a change takes it offline, it automatically rolls it back. It can be frustrating at times, but mostly its saved my ass.
Meraki does this as well. If you change anything that might disconnect the uplink or the port you are connected to, it gives you a pop-up warning before it commits.
