I know I forgot to reactivate my firewall yesterday, but I’m too scared of getting locked in to do it remotely. I have physical access to it, but gotta wait after work
Defeatedly Connects a monitor and a keyboard to the Raspberry Pi
@GolfNovemberUniform @treechicken so we deduce he has no Raspberry 400
It’s cute
@GolfNovemberUniform for collectors reasons?
It happened to me when I was configuring IP geoblocking: Only whitelist IP ranges are allowed. That was fetched from a trusted URL. If the DNS provider just happened to not be on that list, the whitelist would become empty, blocking all IPs. Literally 100% proof firewall; not even a ping gets a pass.
OPNsense has an anti-lock-out rule at the top for a reason 😁
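The geoblocking failure described above (a fetched allowlist that comes back empty and replaces the working one), as an added example that is not part of the thread: a refresh step that keeps the previous list when the fetch fails, the result is empty, or the admin's own address is not covered. The function names, `admin_ip` and the documentation-range sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), not from the thread.
SAMPLE = "# constructed allowlist\n192.0.2.0/24\n203.0.113.0/24  # office\n"

class AllowlistRejected(Exception):
    """Raised when a fetched allowlist must not replace the active one."""

def parse_allowlist(text, admin_ip, min_entries=1):
    """Parse one CIDR per line; reject lists that would lock the admin out."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError as exc:
            raise AllowlistRejected(f"bad entry {line!r}: {exc}")
    if len(nets) < min_entries:
        raise AllowlistRejected(f"only {len(nets)} entries, need {min_entries}")
    admin = ipaddress.ip_address(admin_ip)
    if not any(admin in net for net in nets):  # the anti-lockout check
        raise AllowlistRejected(f"admin address {admin} not covered")
    return nets

def refresh(fetch, active, admin_ip, min_entries=1):
    """Return (allowlist, status); keep `active` if the fetch fails or is rejected.

    `fetch` is any callable returning the list as text (hypothetical hook for
    the download step); DNS and network errors surface as OSError.
    """
    try:
        candidate = parse_allowlist(fetch(), admin_ip, min_entries)
    except (OSError, AllowlistRejected) as exc:
        return active, f"kept previous list: {exc}"
    return candidate, f"applied {len(candidate)} entries"

if __name__ == "__main__":
    active = parse_allowlist(SAMPLE, "203.0.113.7")
    def dns_down():
        raise OSError("name resolution failed")  # simulated DNS outage
    print(refresh(dns_down, active, "203.0.113.7")[1])
    print(refresh(lambda: "", active, "203.0.113.7")[1])
```

Only the list returned by `refresh` should be handed to the firewall, so a failed download leaves the last known-good rules in place.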
That moment when you forget to run sudo ufw allow ssh after enabling the firewall
You mean before?
Yeah sorry my brain is fried
Not exactly the same thing, but on one of my systems, eth0 and eth1 swapped position after a kernel update, so the IP was on the wrong interface. I had IPMI/BMC on the system so didn’t have to physically go to it and plug in a keyboard and monitor, but I still had to deal with manually typing a long randomly-generated password, twice (one to log in and once again for sudo).
I’m glad “predictable” interface names are supported now. Those eth0/eth1/etc names were dangerous since the numbers were just based on the order the kernel loaded the drivers and initialized them in, which can change across reboots. The predictable names are based on physical position in the system, so they’re consistent across reboots.
ufw is not a good software. I really tried to work with it. My solution was to disable it.
It’s better than raw iptables / nftables though.
Just like stabbing yourself in the eye is better with a fork than with a rusty fork.
pf gang rise up!
Not IMHO no. By far.
this is me dealing with ZScaler at work
it’s become self aware and is always blocking ports 22 & 23.
I’ve had to boot a remote server into rescue after locking myself out.
I think most people have done this at least once.
Happened to me, luckily I kept an ssh connection up.
Now I make sure to enable the firewall rules before I enable ufw ( still happened to me 3 more times ).
i have ssh configured on a different port,
more than one time i enabled ssh in ufw, restarted the service… and the connection dropped
Whistles and looks away
I have absolutely no idea what you’re talking about
😜
UFW is a software firewall. SSH is a way to remote into computers. The joke is they turned on UFW and got locked out of the machine.
Hehe. I was joking there.
Have done it randomly on my backup raspi 3 so many times 🤣
I’ve been bamboozled
I’m pretty sure it was a joke.
Everyone did this at some point, but nobody would admit such a silly thing happened to them.
Never done this to a single server.
Managed to write the “ufw enable, deny all” part of an Ansible script without the “allow 22” part and run it against all my homelab once.
I accidentally put all the interfaces on my router running openwrt into the wrong firewall zone so now I can’t access it via ssh or the web interface. I already had it configured though and it still works so I’m just ignoring the problem until something breaks
It’s super secure though, not even you have access!
I did the same thing, set up OpenWRT perfectly, then changed the local range from 192.168.1.0 to 192.168.0.0 to suit some legacy connections. Everything works, except I can’t change settings on the router, so for now I leave it alone
There is nothing more permanent than a temporary solution.
“i’ll fix that later”
Narrator: “they never did”
Maybe you can put aside a day which has nothing else going on so you can sit down and fix it before it breaks.
Sounds like my Unifi experience with the old CloudKeys that liked to brick themselves if the wind blew in a way they disliked. Everything still ran fine, but I couldn’t manage any of it till I factory reset it all. I think it ran like that for 3mo before I could be bothered 😅