Peak security
-
Before you make a change, do this in a screen-session:
sleep 300 && iptables-restore old_fw_rules.bak
Yeah except it would be iptables-restore < old_fw_rules.bak
-
permission denied
fuuuu
Found the debian user.
-
^This^ ^is^ ^a^ ^joke,^ ^I^ ^didn't^ ^really^ ^lock^ ^myself^ ^out^
Most secure box is the one that does nothing.
-
Found the debian user.
user permissions is a debian thing now?
-
Yeah except it would be iptables-restore < old_fw_rules.bak
wrote on last edited by [email protected]Fun fact: When you do iptables-save, you have to redirect the output if you want to save it to a file. But when you use iptables-restore, you don't need to pipe it back in, you can just use the filename!
-
Fun fact: When you do iptables-save, you have to redirect the output if you want to save it to a file. But when you use iptables-restore, you don't need to pipe it back in, you can just use the filename!
It wasn't always that way. At one time you had to so I still do.
-
user permissions is a debian thing now?
A long time ago, Debian 8 or so it was a bug with Debian. Something about the command running without root despite the sudo command.
-
Happened to me once. Had a little Pi at my parent's house and that was a nice excuse to visit them.
Except when you get there and don’t want to talk or do all the meeting and greeting until you know the server still works.
-
It's iDRAC.
I'd say that RAC is the overarching term for different Dell Solutions, see Dell Remote Access Configuration Guide
DRACT supports the following types of RACs that support RACADM commands:
-
Integrated Dell Remote Access Controller 8 (iDRAC8)
-
Integrated Dell Remote Access Controller 7 (iDRAC7)
-
[...]
-
Chassis Management Controller (CMC) for Dell PowerEdge M1000e and PowerEdge VRTX
-
[...]
And it's just shorter and easier to say
¯\_(ツ)_/¯but that's not as dumb as when he calls the SuperMicro system "iLO". That's IPMI. We don't even own any HPE. I've no idea why he's stuck on iLO.
Perhaps his first encounter with remote management was with iLO and he just thinks that this is how it's called. It's "integrated Lights Out", and "Lights-Out Management" as well as "Remote Access Controller" both are generic terms (and I suspect that this is why Dell adds an “iD” in front of its product names).
But we are way to close to the “GNU/Linux Copypasta” than I would like.
Mmm. Ya ya. No argument. But its iDRAC. I've had to sit through enough propaganda. I'm pretty sure about this.
-
-
It wasn't always that way. At one time you had to so I still do.
Totally! I still catch myself doing that sometimes. Old habits die hard
-
Wireguard is a VPN protocol, so you are able to tunnel into their router to…do what exactly?
It let's me remote into their LAN, thus bypassing the firewall
-
If you have the HTML5 option you should be on a pretty recent firmware.
Interesting that you'd prefer going (literally) analog connection rather than over the IPMI.
The latest version of iLO4 is from 2023
-
The latest version of iLO4 is from 2023
You know, I wanted to say "Bet!" and proove your wrong as I couldnt believe they never went past 2023 for the firmware.
Turns out that was the latest.But I do know they have more recent firmware uploads for the UEFI than 2023. ^(A year younger but no less nore recent/s)
-
Except when you get there and don’t want to talk or do all the meeting and greeting until you know the server still works.
-
It let's me remote into their LAN, thus bypassing the firewall
Please forgive the ignorance here. What are you trying to do? I thought you were trying to reboot an offline server. I’m probably just confused!
-
Please forgive the ignorance here. What are you trying to do? I thought you were trying to reboot an offline server. I’m probably just confused!
Well, the original post (as in the image) is about locking yourself out of a remote server by changing a firewall rule, thus needing to drive to the server to access it locally.
By using wireguard to tunnel into the router, you can remotely enter the LAN, thus bypassing the firewall, as if you were accessing the server locally.
-
Well, the original post (as in the image) is about locking yourself out of a remote server by changing a firewall rule, thus needing to drive to the server to access it locally.
By using wireguard to tunnel into the router, you can remotely enter the LAN, thus bypassing the firewall, as if you were accessing the server locally.
Ohhhhh gotcha! Thanks for explaining. I think I just invented the offline part in my head lol
-
Do you mind explaining the details? I’m trying to learn as much as possible!
wrote on last edited by [email protected]Most corporate network devices like Cisco will reset their config to the one written in memory when they lose power.
So in that case, just unplug and replug them to restore to previous config.
Just make sure you write your new config to memory or it will reset when there is ever a power failure.
-
^This^ ^is^ ^a^ ^joke,^ ^I^ ^didn't^ ^really^ ^lock^ ^myself^ ^out^
I'll always be grateful for the firewalls like OpenWRT that will automatically revert any changes if you don't log back in after a few minutes (at least on the web interface). I'm not proud of how many times that's saved me.
-
Do you mind explaining the details? I’m trying to learn as much as possible!
So I connected through ssh back home to fiddle with the router settings, and in the PPPoE settings (where you set a pair of username and password that your router sends to the ISP such that the ISP knows you and knows what IP to assign to you) I made a typo, and apparently that instantly killed the internet connection at home and also for me. I had to call my mom to instruct her to fix the typo in the username. TBH I don't know that much about PPPoE either, I only do it so that the ISP assigns us the same IP address every time.
