Feature request: Allow a WAN to be used for OOB (Out Of Band) management only

Issue #321 new
rs232 created an issue

With dependency on #65, as briefly discussed in the tomato64 subforum as well, there could be a nice improvement for the WAN settings where an interface (say 3/4/5G, but it can be any connectivity really) can be set to be “OOB Only”.

This would allow a backdoor into the system for administration only.

In certain countries it’s very cheap to buy a SIM card that is charged by traffic; apart from the DDNS updates and little more, this could be an almost free backdoor into the system that provides big value for remotely administered devices.

The practical idea would be to add under the relevant WAN or perhaps VLAN something like:

This interface is for “Out Of Band” management only       [ ]

When set, the WAN/VLAN would:

  • Update the DDNS
  • Make sure the interface is not present in any routing table (so only answering when a packet comes in)
  • Restrict traffic to certain protocols only (ssh/https/VPNs)
  • Restrict attempts
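
One way the routing and filtering bullets above could map onto Linux `ip` and `iptables` commands, as an added example that is not part of the original request and is not FreshTomato code. The function name `oob_rules`, the chain `OOB_IN`, table number 200, the rate limit and the port lists are all assumptions; "not present in any routing table" is read here as "no route in the main table, only a private table consulted for replies". The function prints the commands instead of running them.

```shell
#!/bin/sh
# Added illustration: print (do not execute) the commands an "OOB only"
# flag could translate to. Names and defaults are assumptions.

oob_rules() {
    ifc=$1; ip=$2; gw=$3            # OOB interface, its address, its gateway
    tcp_ports=${4:-22,443}          # ssh/https
    udp_ports=${5:-}                # VPN listener ports, if any
    table=${OOB_TABLE:-200}         # private routing table number
    hits=${OOB_HITS:-4}; secs=${OOB_SECS:-60}

    # Reply-only routing: the default route over the OOB link lives in a
    # private table that is looked up only for packets sourced from the
    # OOB address, so LAN traffic never leaves through this interface.
    echo "ip route add default via $gw dev $ifc table $table"
    echo "ip rule add from $ip lookup $table"

    # Everything arriving on the OOB interface goes through one chain.
    echo "iptables -N OOB_IN"
    echo "iptables -A INPUT -i $ifc -j OOB_IN"
    echo "iptables -A OOB_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # Restrict attempts: once a source has $hits accepted new connections
    # within $secs seconds, further new connections from it are dropped.
    echo "iptables -A OOB_IN -m conntrack --ctstate NEW -m recent --name oob --update --seconds $secs --hitcount $hits -j DROP"

    # Restrict protocols: only the listed management ports are accepted.
    echo "iptables -A OOB_IN -p tcp -m multiport --dports $tcp_ports -m conntrack --ctstate NEW -m recent --name oob --set -j ACCEPT"
    if [ -n "$udp_ports" ]; then
        echo "iptables -A OOB_IN -p udp -m multiport --dports $udp_ports -m conntrack --ctstate NEW -m recent --name oob --set -j ACCEPT"
    fi
    echo "iptables -A OOB_IN -j DROP"

    # Management only: never forward traffic in or out of the OOB link.
    echo "iptables -A FORWARD -i $ifc -j DROP"
    echo "iptables -A FORWARD -o $ifc -j DROP"
}

# Constructed sample values (documentation address range, WireGuard port).
oob_rules wwan0 192.0.2.10 192.0.2.1 22,443 51820
```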
