Recovery Procedures

When firewall issues cause significant problems, having tested recovery procedures enables rapid restoration of service.

Emergency Bypass Procedures:

#!/bin/bash
# Emergency firewall bypass script
# USE ONLY IN CRITICAL SITUATIONS

LOG_FILE="/var/log/emergency_firewall_bypass.log"

log_action() {
    echo "[$(date)] $1" | tee -a "$LOG_FILE"
}

# Check if this is really an emergency
echo "WARNING: This will temporarily disable firewall protection!"
echo "Only use this in genuine emergencies."
read -r -p "Type 'EMERGENCY' to continue: " confirmation

if [ "$confirmation" != "EMERGENCY" ]; then
    echo "Cancelled."
    exit 1
fi

log_action "Emergency firewall bypass initiated by $(whoami)"

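# Backup current state to a root-only directory (a world-writable /tmp path
# could be tampered with before the restore job runs as root)
STATE_DIR="/root/emergency-firewall"
mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR"
BACKUP_FILE="$STATE_DIR/emergency-backup-$(date +%Y%m%d-%H%M%S).rules"
RESTORE_SCRIPT="$STATE_DIR/restore_firewall.sh"

if ! iptables-save > "$BACKUP_FILE"; then
    log_action "Backup failed; aborting without changing the firewall"
    exit 1
fi

# Set permissive rules
log_action "Setting emergency permissive rules"
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X

# Keep basic protections: rate-limit new SSH connections per source.
# The --set rule records each new connection; without it the --update rule never matches.
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name SSH --rsource
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 --rttl --name SSH --rsource -j DROP

# Set timer for automatic re-enable
RESTORE_DELAY=900  # 15 minutes
RESTORE_MINUTES=$((RESTORE_DELAY / 60))

log_action "Emergency bypass active. Firewall will restore in $RESTORE_DELAY seconds"

# Create restore script (unquoted EOF so the exact backup path is written into it;
# a glob such as emergency-backup-*.rules fails once more than one backup exists)
cat > "$RESTORE_SCRIPT" << EOF
#!/bin/bash
iptables-restore < "$BACKUP_FILE"
echo "Firewall restored from emergency bypass" >> "$LOG_FILE"
EOF

chmod 700 "$RESTORE_SCRIPT"

# Schedule restoration
if ! echo "$RESTORE_SCRIPT" | at now + "$RESTORE_MINUTES" minutes; then
    log_action "Could not schedule automatic restore; run $RESTORE_SCRIPT manually"
fi

echo "Emergency bypass active for $RESTORE_MINUTES minutes."
echo "To restore immediately: $RESTORE_SCRIPT"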
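
To confirm that a restore really brought the firewall back, the following added example (not part of the original page) compares the `iptables-save` backup with the current ruleset while ignoring packet counters and the generated comment lines. The function names and the sample dump are constructed for illustration.

```bash
#!/bin/sh
# Added example: confirm a restore by comparing two iptables-save dumps.

# Drop what changes between otherwise identical dumps: "# Generated ..."
# comment lines, [packets:bytes] counters, and stray whitespace.
normalize_rules() {
    sed -E -e '/^#/d' -e 's/\[[0-9]+:[0-9]+\]//g' \
        -e 's/^[[:space:]]+//' -e 's/[[:space:]]+$//' "$1"
}

# rules_match BACKUP CURRENT: exit 0 when both dumps hold the same ruleset.
rules_match() {
    [ "$(normalize_rules "$1")" = "$(normalize_rules "$2")" ]
}

# verify_restore BACKUP: dump the running ruleset (needs root) and compare.
# Exit 0 = restored, 1 = ruleset differs, 2 = could not read the live rules.
verify_restore() {
    vr_live=$(mktemp) || return 2
    if ! iptables-save > "$vr_live"; then
        rm -f "$vr_live"
        return 2
    fi
    vr_rc=0
    rules_match "$1" "$vr_live" || vr_rc=1
    rm -f "$vr_live"
    return "$vr_rc"
}

# Constructed sample dump for offline runs: sample_dump POLICY COUNTERS
sample_dump() {
    printf '%s\n' "# Generated by iptables-save (constructed sample)" \
        "*filter" ":INPUT $1 [$2]" ":FORWARD $1 [0:0]" ":OUTPUT ACCEPT [$2]" \
        "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT" \
        "COMMIT" "# Completed (constructed sample)"
}
```

Run `verify_restore` with the backup file path after the scheduled restore time has passed; a non-zero exit means the bypass may still be in effect.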