Comment on [deleted]
We can go harder: port knock to open the port to a cert-only VPN:
wiki.archlinux.org/title/Port_knocking
Felt a bit like a faff to me, so I never bothered. Does depend upon your threat model though
Totally.
Port knocking is one of those “of course someone did that” things to me too. A replay attack is enough to make it security theater.
An IP allowlist is a more useful addon.
martinb@lemmy.sdf.org 3 days ago
Felt a bit like a faff to me, so I never bothered. Does depend upon your threat model though
Botzo@lemmy.world 3 days ago
Totally.
Port knocking is one of those “of course someone did that” things to me too. A replay attack is enough to make it security theater.
An IP allowlist is a more useful addon.