Hacker News new | ask | show | jobs
by cpach 1433 days ago
Even better: Put the SSH port behind WireGuard/Tailscale.
1 comments
RunningDroid 1433 days ago
That's basically what I do, nftables is configured to drop most* incoming traffic unless it's coming from wg0.

*: with the exception of wireguard's ports, transmission's non-admin ports, etc

link