OpenRemotePort
Open ports on demand while keeping only core services exposed.
A small Go/Python toolchain that allows authenticated clients to request temporary port opening on a server, while keeping the default external surface limited to HTTP/HTTPS/SMTP.
Problem
- Some workflows require temporary access to non-standard ports.
- Keeping many ports permanently open increases risk and operational noise.
Solution
- Implemented a request/verification scheme and a controlled server-side command runner.
- Integrated with a firewall (UFW by default) to open/close ports for legit clients.
Highlights
- Reduced default attack surface
- Authenticated requests with replay/time checks
- Firewall automation with optional cron keeper
Screenshots
Screenshots are not included yet. If you’d like, I can add screenshots and a short GIF walkthrough once a stable demo/deploy target is confirmed.
What I learned
- Security features need defense in depth: time windows, shared secrets, and strict validation.
- Operational documentation is as important as code for security tooling.
Notes
- This is an open-source personal project (not client work).
- Security tooling should be reviewed and adapted before production use.