Protecting the Pi: Restricting SSH to the USB gadget
Why? ssh is a remote login that is pretty much the only way to work on a headless Raspberry Pi without an attached keyboard/monitor or serial console cable. Remote login capability is a security risk even with something like SSH. There are some good articles that describe how to lock down SSH via password change or other security measures. I decided to limit SSH to specific network interfaces. Raspberry PIs can have several network interfaces. The only hardwire network interfaces Raspberry Pi Zero when it is in Network Gadget mode. I only truly trust the USB private LAN ( usb0) since it requires a direct connection and cannot be directly seen by any other device. Interfaces Our Raspberry PI can have several different Network Interfaces. All of them are candidates for allowing or denying SSH or other inbound access. Linux lets us manage ssh by letting us configure port related ALLOW / DENY on all network interfaces. We can create inbound iptables firewall rules. The scrip