717

submitted 10 months ago by treechicken@lemmy.world to c/programmerhumor@lemmy.ml

77 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[-] TimTamJimJam@lemmy.world 118 points 10 months ago

Happened to me in work once... I was connected via SSH to one of our test machines, so I could test connection disruption handling on a product we had installed.

I had a script that added iptables rules to block all ports for 30 seconds then unblock them. Of course I didn't add an exception for port 22, and I didn't run it with nohup, so when I ran the script it blocked the ports, which locked me out of SSH access, and the script stopped running when the SSH session ended so never unblocked the ports. I just sat there in awe of my stupidity.

[-] SpaceCowboy@lemmy.ca 63 points 10 months ago

We've all experienced the walk of shame to the server room to hook up a monitor keyboard.

[-] Blackmist@feddit.uk 39 points 10 months ago

Ah, if only it was a server room and not a customer 3 hours drive away. And he'd closed and gone home for the night.

Fortunately it just needed a reboot, and I was able to talk him through that in the morning.

[-] SpaceCowboy@lemmy.ca 13 points 10 months ago

Oof... well you can just say "it must be some hardware problem or something... maybe a reboot will fix it."

[-] aStonedSanta@lemm.ee 4 points 10 months ago

lol. When I get asked what went wrong at work. So. A solar flare can swap the bits…

[-] JasonDJ@lemmy.zip 5 points 10 months ago* (last edited 10 months ago)

Oof I did a firmware upgrade on my main external firewall.

The upgrade went fine but when we added an ISP a month or so prior, I forgot to redistribute the ISPs routes. While all my ISPs were technically working, and the firewall came back up, nothing below it could get to the internet, so it was good as down.

Cue the 1.5 hour drive into the office…

Had that drive to think about what went wrong. Got into the main lobby, sat down, joined the wifi, and fixed it in 3 minutes.

Didn’t even get to my desk or the datacenter.

[-] user224@lemmy.sdf.org 11 points 10 months ago

the script stopped running when the SSH session ended

tmux
Always use tmux when possible for remote connections.

load more comments (3 replies)

[-] krash@lemmy.ml 3 points 10 months ago

Out of curiousity, how would nohup make your situation different? As I understand, nohup makes it possible to keep terminal applications running even when the terminal session has ended.

[-] octopus_ink@lemmy.ml 7 points 10 months ago

If the script was supposed to wait 30 secs and then unblock the ports, running with nohup would have allowed the ports to be unblocked 30 secs later. Instead, the script terminated when the SSH session died, and never executed the countdown nor unblock.

[-] krash@lemmy.ml 4 points 10 months ago

Thanks for the elaborate answer!

[-] octopus_ink@lemmy.ml 3 points 10 months ago

Any time! :)

[-] aidan@lemmy.world 5 points 10 months ago

the script stopped running when the SSH session ended so never unblocked the ports

[-] turbowafflz@lemmy.world 77 points 10 months ago

I accidentally put all the interfaces on my router running openwrt into the wrong firewall zone so now I can't access it via ssh or the web interface. I already had it configured though and it still works so I'm just ignoring the problem until something breaks

[-] muntedcrocodile@lemmy.world 52 points 10 months ago

There is nothing more perminant than a temporary solution.

[-] ignotum@lemmy.world 24 points 10 months ago* (last edited 10 months ago)

"i'll fix that later"
Narrator: "they never did"

[-] idunnololz@lemmy.world 30 points 10 months ago

It's super secure though, not even you have access!

[-] incogtino@lemmy.zip 12 points 10 months ago

I did the same thing, set up OpenWRT perfectly, then changed the local range from 192.168.1.0 to 192.168.0.0 to suit some legacy connections. Everything works, except I can't change settings on the router, so for now I leave it alone

[-] Tangent5280@lemmy.world 5 points 10 months ago

Maybe you can put aside a day which has nothing else going on so you can sit down and fix it before it breaks.

[-] brognak@lemm.ee 2 points 10 months ago

Sounds like my Unifi experience with the old CloudKeys that liked to brick themselves if the wind blew in a way they disliked. Everything still ran fine, but I couldn't manage any of it till I factory reset it all. I think it ran like that for 3mo before I could be bothered 😅

[-] jmd_akbar@aussie.zone 35 points 10 months ago* (last edited 10 months ago)

Whistles and looks away

I have absolutely no idea what you're talking about

😜

[-] sum_yung_gai@lemm.ee 28 points 10 months ago

UFW is a software firewall. SSH is a way to remote into computers. The joke is they turned on UFW and got locked out of the machine.

[-] vort3@lemmy.ml 39 points 10 months ago

I'm pretty sure it was a joke.

Everyone did this at some point, but nobody would admit such a silly thing happened to them.

[-] oconnordaniel@infosec.pub 12 points 10 months ago

Never done this to a single server.

Managed to write the “ufw enable, deny all” part of ansislbe script without the “allow 22” part and run it against all my homelab once.

[-] jmd_akbar@aussie.zone 6 points 10 months ago* (last edited 10 months ago)

Hehe. I was joking there.

Have done it randomly on my backup raspi 3 so many times 🤣

[-] sum_yung_gai@lemm.ee 6 points 10 months ago

I've been bamboozled

[-] Sebbe@lemmy.sebbem.se 17 points 10 months ago

Firewallcmd's runtime-to-permanent is one of my favorite features of any software. Set everything up, make sure everything works before making the changes permanent. If not, just reboot!

load more comments (2 replies)

[-] crony@lemmy.cronyakatsuki.xyz 9 points 10 months ago* (last edited 10 months ago)

Happened to me, luckilly I kept an ssh connection up.

Now I make sure to enable the firewall rules before I enable ufw ( still happened to me 3 more times ).

[-] RedstoneValley@sh.itjust.works 8 points 10 months ago

I know this is posted in funny, but whatever. You could still login locally using keyboard and monitor. Uncool, but it works

[-] marcos@lemmy.world 17 points 10 months ago

You are assuming there is a keyboard and monitor plugged to it, and that the computer is somewhere nearby.

None of those are automatically true. And when it's nearby, it's usually easier to just get the SD card into another computer and edit the configuration.

[-] treechicken@lemmy.world 5 points 10 months ago

That's exactly what I did lol. Thankfully my Pi's just in a drawer. If this was a remote host at work I would've already shat myself :P

[-] KingThrillgore@lemmy.ml 6 points 10 months ago

this is me dealing with ZScaler at work

[-] r00ty@kbin.life 6 points 10 months ago

I've had to boot a remote server into rescue after locking myself out.

I think most people have done this at least once.

[-] GolfNovemberUniform@lemmy.ml 6 points 10 months ago

Connects a monitor and a keyboard to the Raspberry Pi

[-] bartolomeo@suppo.fi 9 points 10 months ago

Defeatedly Connects a monitor and a keyboard to the Raspberry Pi

load more comments (5 replies)

[-] 7heo@lemmy.ml 5 points 10 months ago

ufw is not a good software. I really tried to work with it. My solution was to disable it.

[-] tetris11@lemmy.ml 8 points 10 months ago

It's better than raw iptables / nftables though.

[-] wgs@lemmy.sdf.org 6 points 10 months ago* (last edited 10 months ago)

Just like stabbing yourself if the eye is better with a fork than with a rusty fork.

pf gang rise up !

[-] 7heo@lemmy.ml 4 points 10 months ago* (last edited 10 months ago)

Not IMHO no. By far.

[-] churisotophu@feddit.de 4 points 10 months ago

This literally happened to me yesterday. Fortunately ufw enable did not configure it as persistent across reboots 🤠

[-] Crack0n7uesday@lemmy.world 3 points 10 months ago

it's become self aware and is always blocking ports 22 & 23.

[-] Discover5164@lemm.ee 3 points 10 months ago

i have ssh configured on a different port,

more than one time i enabled ssh in ufw, restarted the service... and the connection dropped

[-] uis@lemm.ee 3 points 10 months ago

UART it

[-] JATtho@sopuli.xyz 3 points 10 months ago

It happened to me when I was configuring IP geoblocking: Only whitelist IP ranges are allowed. That was fetched from a trusted URL. If the DNS provider just happened to not be on that list, the whitelist would become empty, blocking all IPs. Literally 100% proof firewall; not even a ping gets a pass.

load more comments (1 replies)

[-] PlexSheep@feddit.de 3 points 10 months ago

What is a good firewall that can also block ports published with docker? I'd need it to run on the same host.

[-] iiGxC@slrpnk.net 3 points 10 months ago

Ufw should work, jus ufw block/limit/allow port number

load more comments (3 replies)

load more comments (11 replies)

[-] RustyNova@lemmy.world 2 points 10 months ago

I know I forgot to reactivate my firewall yesterday, but I'm too scared of getting locked in to do it remotely. I have physical access to it, but gotta wait after work

[-] Cysioland@lemmygrad.ml 3 points 10 months ago

Yeah, that's my philosophy. Don't mess with it unless I can get my ass in there and fix it in case it goes south.

load more comments (1 replies)

load more comments

this post was submitted on 16 Feb 2024

717 points (97.6% liked)

Programmer Humor

32739 readers

776 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

cat_programmer@lemmy.ml