Under RouterOS/Cisco there is a function called "safe mode". When someone presses CTRL+X, the terminal goes into "safe mode", which means that if the terminal exits in a "bad way", e.g. the user locks himself out with a bad firewall policy, then the configuration will be restored to the point before the safe mode started. If the terminal in safe mode exits okay, e.g. the user gives the "exit" command, then all the configuration modifications become permanent.

Are there any great functions like this "safe mode" under any Linux?


Regarding "locking out with bad firewall policy", I usually set up a 5 minute cronjob with a script which resets the iptables configuration:

#!/bin/sh
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

This way I can remotely test iptables configurations without fear of being locked out.

Actually, when modifying an existing configuration, you can configure a cronjob to do an iptables-restore with the default known working conf.

When you're sure the conf will work, simply delete the cronjob (or comment it out for future use).

I'm pretty sure you can come up with solutions for every other service. For example, you can create a script to restore the sshd configuration, set up a cronjob to restore it in, say, 10 minutes, modify the running config, and if it doesn't work (and you get kicked out), just wait for the job to restore your old working config.

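The procedure this answer describes (snapshot the working rules, arm a timed restore, apply the change, cancel the restore once the change is known to work), as an added example that is not part of the original answer. It swaps the cron job for a background timer inside one script; `safe_apply`, `SAVE_CMD` and `RESTORE_CMD` are hypothetical names, and the defaults are the standard `iptables-save` and `iptables-restore` tools.

```shell
#!/bin/sh
# Added example: "safe mode" for a remote iptables change (run as root).
# SAVE_CMD, RESTORE_CMD and safe_apply are names made up for this sketch; the
# defaults are the standard iptables-save / iptables-restore tools.
SAVE_CMD=${SAVE_CMD:-iptables-save}
RESTORE_CMD=${RESTORE_CMD:-iptables-restore}

# safe_apply NEW_RULES_FILE [TIMEOUT_SECONDS]
# Returns 0 if the new rules were confirmed and kept, 1 if the old rules were
# put back, 2 if the snapshot could not be taken (nothing was changed).
safe_apply() {
    new_rules=$1
    timeout=${2:-60}
    backup=$(mktemp) || return 2

    # 1. Snapshot the known-good ruleset before touching anything.
    $SAVE_CMD > "$backup" || { rm -f "$backup"; return 2; }

    # 2. Arm the rollback BEFORE applying. It ignores SIGHUP so it still fires
    #    when the SSH session that started it is cut off by the new rules.
    ( trap '' HUP
      sleep "$timeout"
      : > "$backup.fired"            # marker: the timer has expired
      $RESTORE_CMD < "$backup" ) </dev/null >/dev/null 2>&1 &
    rollback_pid=$!

    # 3. Apply the candidate rules, then ask for confirmation over the same
    #    connection. A locked-out admin cannot answer, so the timer wins.
    answer=
    if $RESTORE_CMD < "$new_rules"; then
        printf 'Rules applied. Type "yes" within %s s to keep them: ' "$timeout" >&2
        read -r answer || answer=
    fi

    # 4. Disarm the timer. Keep the new rules only on an explicit "yes" that
    #    arrived before the timer expired; otherwise restore the snapshot.
    kill "$rollback_pid" 2>/dev/null
    if [ "$answer" = yes ] && [ ! -e "$backup.fired" ]; then
        rm -f "$backup"
        return 0
    fi
    $RESTORE_CMD < "$backup"
    rm -f "$backup" "$backup.fired"
    return 1
}
```

Unlike the flush-everything script, this puts back the previous ruleset rather than an accept-all policy, so the host is not left unfiltered after a failed test.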
