Rollback, cover your ass, whatever, it is a good thing 
.
Personally , most of my machines are now virtualized so not a prob, the few on-site ones still have /dev/tty? backup access on their telco alarm lines, just for really bad days, if neither were available then an overly restrictive iptables rule would be a bad thing, maybe portknocker in the interim .