Protecting the Pi: Restricting SSH to the USB gadget

Why?

SSH is a security hole, but it is pretty much the only way to work on a Raspberry Pi without an attached keyboard/monitor or serial console cable. There are some good articles that describe how to lock down SSH via a password change or other security measures. I chose a slightly different approach that limits SSH based on the interface. I only truly trust the USB private LAN (usb0) since it requires a direct connection and cannot be directly seen by any other device.

Interfaces

The system can ALLOW / DENY SSH on any network interface. We can create inbound firewall rules. The script below uses iptables / ip6tables to block SSH traffic over wireless while leaving SSH enabled for wired connections. Some folks may wish to further disable SSH over hard-wired Ethernet connections.

usb0 : Raspberry Pi Zero running in gadget mode with a hard-wired (USB) connection to a PC.
eth0 : Raspberry Pi 3 and 3+ hard-wired Ethernet jacks.
wlan0 : Raspberry Pi Zero W, Raspberry Pi 3,