> it would be much saner to expose an SSH server with pubkey-only access or VPN
It would be safer to leave open to the public only a secure protocol based on strong cryptographic keys instead of a password. Or you have to be signed in to a VPN to see the page.
> brute forcing protection
Try too many passwords? Try again in 1 minute. Again? 30 minutes
> allow tunnelling to the router UI only from the LAN side
I think this one means don't expose it to the internet at all. Just from your local network.
>
It would be safer to leave open to the public only a secure protocol based on strong cryptographic keys instead of a password. Or you have to be signed in to a VPN to see the page.
> brute forcing protection
Try too many passwords? Try again in 1 minute. Again? 30 minutes
> allow tunnelling to the router UI only from the LAN side
I think this one means don't expose it to the internet at all. Just from your local network. >