Locked myself out of my NAS and recovered without a reset

boony

Post by boony »

I searched the forum, but all I could find in response to "I locked myself out of my NAS with QuFirewall" were variations on "time for a paperclip reset, then".

I got lucky tonight, so I figured I'd post my experience in the hope that it might help someone else.

TL;DR: open an SSH session to the NAS before messing about with QuFirewall.

I'm new to QNAP and QTS, and I'm currently finding my way around my shiny new TS-251D. I thought I'd use QuFirewall to lock down inbound management access to devices in one subnet, and hamfistedly set the permit rule's source to x.x.x.0/32 instead of x.x.x.0/24, and didn't notice.

All of a sudden, the QTS web interface wouldn't play nice. Gee, I wonder why...

Here's where I got lucky: I happened to have an SSH session already open to the NAS, and QuFirewall didn't dump that existing session when I flicked the switch to lock myself out. Searching the filesystem revealed the existence of .qpkg/qufirewall/QuFirewall.sh and /etc/config/QuFirewall.conf.

I edited QuFirewall.conf to change the line firewall_status = 1 to firewall_status = 0, then issued QuFirewall.sh stop followed by QuFirewall.sh start. That saved my bacon.

However, I realise that I was lucky. If I hadn't had that SSH session already open, it would have been time for a paperclip reset for me, too.

So, my experience is, if contemplating any modifications to QuFirewall, open an SSH session first. It's a safety-net against hamfistedness.
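An added example, not part of either post: a pre-flight check for the /32-versus-/24 mistake described above, plus a helper that flips the firewall_status line while keeping a backup. The addresses are constructed (192.0.2.0/24 is a documentation range), the function names are hypothetical, and the config layout beyond the one quoted line is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical and the
# sample addresses are constructed. Only the "firewall_status = N" line is
# taken from the post; the rest of the config layout is an assumption.

# Convert a dotted-quad IPv4 address to an integer. Runs in a subshell so the
# IFS and noglob changes do not leak into the caller.
ip_to_int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed only if address $1 falls inside CIDR source $2.
# A source with no prefix length is treated as a single host (/32).
ip_in_cidr() (
    net=${2%/*}; bits=${2#*/}
    [ "$bits" != "$2" ] || bits=32
    ip_n=$(ip_to_int "$1") || exit 2
    net_n=$(ip_to_int "$net") || exit 2
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip_n & mask )) -eq $(( net_n & mask )) ]
)

# Pre-flight: does the permit rule's source still cover the machine I manage from?
# Usage: check_rule <my-ip> <rule-source>
check_rule() {
    if ip_in_cidr "$1" "$2"; then
        echo "ok: $1 is covered by $2"
    else
        echo "STOP: $1 is NOT covered by $2, applying this rule locks you out"
        return 1
    fi
}

# Rewrite the firewall_status line in config file $1 to value $2,
# keeping the previous contents as $1.bak.
set_firewall_status() {
    cp -p "$1" "$1.bak" || return 1
    sed "s/^\(firewall_status[[:space:]]*=[[:space:]]*\).*/\1$2/" "$1.bak" > "$1"
}
```

On the NAS, set_firewall_status would be pointed at /etc/config/QuFirewall.conf with the value 0, followed by the QuFirewall.sh stop and start described in the post.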
swisshuttles

Re: Locked myself out of my NAS and recovered without a reset

Post by swisshuttles »

Thank you for this post. It really helped me out today! I didn't have an open SSH connection, but I was able to connect a monitor through HDMI and a keyboard through USB to get access to the shell and disable the firewall.

The stupid QNAP message said to first deny everybody and second allow yourself. Please never ever do that! First allow yourself on top and deny everybody on the last rule.