2025-02-21, 06:47 PM
(This post was last modified: 2025-02-21, 06:49 PM by shadow82. Edited 1 time in total.)
(2025-02-21, 02:57 PM)TheDreadPirate Wrote: I used alternate ports for external connections (significantly reduces connection attempts) and fail2ban for the rest.
I disable root login via ssh, I disable password logins via ssh (PKI only), and I lock down connections to TLS1.2 and 1.3 and only with secure ciphers.
Hmm... So there is no protection against robots scanning the net and finding software vulnerabilities...
I as for now exposed the service with port 443 for HTTPS and 8096 for HTTP and Jellyfin for Android TV works fine, which means it cannot set TLS session correctly.
I will go with it fo FW and Wireshark people and see what's going wrong there and why FW drops these requests, while other clients work fine.