mudmanc4 Posted November 22, 2013

Since I've not been absent minded enough in the past to actually lock myself out of a server (aside from those younger days of 'forgetting the root pass') -- this is a first for me, yes I'm a locked out virgin. Special, hey?

And don't do this if you want continued access via root, or anything else. Sure, http and https are available for public facing, but that's it.

So, I ran ---

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    iptables -A INPUT -j REJECT
    iptables -A FORWARD -j REJECT

After saving iptables permanently, opened another shell, logged in with the new user also created to take the place of root with the proper permissions, login was fine for that user.

After reboot I realized what I had mistakenly forgotten in the chain. See it? lol

Yes, that's right, the ssh port - duh-me? And a couple other things that render the host's reporting scripts locked out, ah yes there it is - dummy lol

As I can see it, the only way to get access would be to have host flush iptables from main server node root.

Yes, no? Ideas?

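A pre-flight check for the mistake described in the post above, as an added example that is not part of the original thread: it walks the posted INPUT rules in order and reports whether a new TCP connection to a given port is accepted before the catch-all REJECT. The helper name `input_allows_port` is hypothetical, and port 22 for sshd is an assumption, since the post does not name the port.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for a list of
# `iptables -A` commands before they are applied and saved.

# The rules exactly as posted above, one per line.
POSTED_RULES='iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT'

# input_allows_port RULES PORT (hypothetical helper)
# Walks the INPUT rules in order, as the kernel does, and returns:
#   0  a new TCP connection to PORT is accepted
#   1  a catch-all REJECT/DROP is reached first (locked out)
#   2  no rule decides; the chain policy applies
# Assumes simple rules in the form used in the post (no -s, no multiport).
input_allows_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        BEGIN { verdict = 2 }
        $1 != "iptables" || $2 != "-A" || $3 != "INPUT" { next }
        {
            target = ""; proto = ""; dport = ""
            for (i = 4; i < NF; i++) {
                if ($i == "-j")      target = $(i + 1)
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
            }
            catch_all = (NF == 5)   # "-A INPUT -j TARGET", no match options
            if (target == "ACCEPT" && (catch_all || (proto == "tcp" && dport == port))) {
                verdict = 0; exit
            }
            if (catch_all && (target == "REJECT" || target == "DROP")) {
                verdict = 1; exit
            }
        }
        END { exit verdict }'
}

# Port 22 is an assumption: the post does not say which port sshd used.
for p in 22 80 443; do
    if input_allows_port "$POSTED_RULES" "$p"; then
        echo "tcp/$p: reachable"
    else
        echo "tcp/$p: NOT accepted by the rules"
    fi
done
```

The ESTABLISHED,RELATED rule is why the already-open shell kept working until the reboot: only new connections reach the final REJECT. Where the distribution ships it, `iptables-apply` adds a second safety net by rolling the ruleset back unless the change is confirmed.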
TriRan Posted November 22, 2013

Yep, you're exactly correct: unless you have KVM access they will have to flush the tables locally.

mudmanc4 Posted November 22, 2013 (Author)

Yea, I have KVM to the server but it's not worked yet, even before I did this wonderful trick on myself lol

nanobot Posted November 22, 2013

> Yep, you're exactly correct: unless you have KVM access they will have to flush the tables locally.

This. You're pretty much screwed.

Thanks, EBrown

mudmanc4 Posted November 22, 2013 (Author)

lol yes. Good thing I had a snapshot. As if it mattered, this is a testing environment at the moment. Already back coasting along.

I did not bother contacting the host about the non-working KVM or to administer the box for me, just scratched it and re-imaged.

They use PPTP, which afaik has been deprecated and is insecure, so chances are they simply have not taken it off the options. Kind of false advertising though. If in fact that's the case and not something I don't know.