Sniffing with Net::Cap to stealthily manage iptables rules remotely, Part 1
So the trick was to find a way to dynamically allow inbound SSH access from 'authorized' machines. Since the machines he was going to be connecting from were Windows machines with almost no useful software,[2] it was a bit of a trick to find something simple.
Using our 10-minute firewall setup, we had already effectively blocked inbound SSH, because the initial SYN packet would always be discarded.[3] What we needed was a simple way to allow those inbound SYN packets for a short window.