Linux · Firewalls (nftables & firewalld)

You're testing a new firewall over SSH on a remote server. What's the safe way to avoid permanently locking yourself out?

Sign in to see the full answer — free to start on the web.

This is one card from the KnowCard library. The full way to learn it — spaced-repetition review, progress tracking, and AI explanations — lives in the KnowCard app, free to start on the web. iOS & Android are coming soon.

Get started — it’s free

Already have an account? Sign in →

More in Firewalls (nftables & firewalld)

On a fresh openSUSE install the firewall is already blocking almost all outgoing traffic, and the built-in YaST firewall module is missing your Ethernet interface. What is the recommended way to fix rules?
You want to run a custom service on port 900 versus port 2000. Why does one of those choices require root and the other does not?
Where does a Linux system map friendly names like ssh, http, and https to their numeric IP port numbers?
A colleague says every IP service confirms receipt of packets. Which common protocols contradict that, and why does it matter for firewall rules?
You want a quick list of which ports your local machine is actually listening on, including the owning process. Which netstat invocation gives that?
You need to find which process is holding a specific network port, say port 22. Which command targets that directly?