I want to keep a list of whitelisted IPs for a service that is on 443.
I am a regular user of fail2ban and encourage everyone to use it and its alternatives.
However, there are times when I want to personally monitor a service and vet all failures.
At times I'd like to reduce the amount of logs by restricting the IPs that can possibly generate logs.
Problem 1 - due to the nature of dynamic IPs, sometimes the IP changes for one of my limited list of users. I want to provide them a way to update their IP without giving them access in OPNsense.
Bad solutions:
1. SSO - best solution if possible, but I have some users whose clients are not capable
2. basic auth - this also breaks many of the clients of my users
3. use port knocking - I know, bad idea, hence this post, but I could see providing some script (Python etc.) that a client could run that would merely update their IP

Other ideas?