Comment on [deleted]

<- View Parent
hayalci@fstab.sh ⁨1⁩ ⁨year⁩ ago

Good point, kernel updates should be paired with reboots to get kernel patches applied quickly.

Yes wireguard would only accept connections clfrom clients with known certificates, but this is “belt and suspenders” approach. What happens if there’s a bug in wireguards packet parsing or certificate processing? Using port knocking would protect against this —very remote— possibility.

source
Sort:hotnewtop