Decomposes the M5 mesh-hardening follow-on into 3 independent sub-specs; this is sub-project 1. Three-layer SSH-on-wt0 (sshd ListenAddress=mesh + nftables iifname wt0 + retire the Hetzner WAN :22), ip_nonlocal_bind to beat the post-boot wt0 bind race (fail-closed), live wt0 fact for the listen addr, staged cutover with the firewall auto-rollback as the safety gate. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| plans | ||
| specs | ||