Restrict management interfaces to LAN

[darkk]

lepidopter may be exposed to Internet, it has ssh enabled with weak default password and authless ooniprobe web interface.

I can imagine several (unlikely, but imaginable) cases for the exposure:

• User's ISP & router are IPv6-capable providing routable IPv6 address to lepidopter
• User setting up port-forwarding carelessly to view nice ooni-probe wui from a 3G smartphone
• User is ISP and lepidopter is given routable IPv4 address
• Some unpredictable port-forwarding madness triggered by combination of systemd, Bonjour/avahi and uPNP

I can suggest couple of ways to restrict management interfaces:

1. on network-change event triggered by dhclient/systemd/whatever parse output of ip -o addr and allow source IPs from known subnets
2. on network-change event parse ip neight and deny source MACs of various routers