Feature Request
Resolution: Unresolved
Major
openshift-4.14
1. Proposed title of this feature request
Ingress Node Firewall has failsafe rules that prevent custom settings for SSH.
2. What is the nature and description of the request?
While it makes perfect sense to have anti-lockout for API, etcd, Ingress and kubelet, SSH should be under the customer's control, as this won't break OCP cluster functionality.
3. Why does the customer need this? (List the business requirements here)
Customers who need to stay compliant with security regulations might need to block SSH access to all nodes from within the cluster (i.e. workload) as well. For maintenance, they need to keep it open only for specific networks/hosts. With the current approach and the zero-trust functionality we have in Ingress Node Firewall, this is not possible.
4. List any affected packages or components.
Ingress Node Firewall Operator
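
The policy this request asks for, written as an IngressNodeFirewall object (an added example, not part of the original ticket): SSH allowed from one maintenance network and denied from every other source. The object name, interface name, node label and the 192.0.2.0/24 CIDR are constructed placeholders; per the request, the operator's failsafe rules currently prevent such custom settings for SSH.

```yaml
apiVersion: ingressnodefirewall.openshift.io/v1alpha1
kind: IngressNodeFirewall
metadata:
  name: restrict-ssh            # constructed name
spec:
  interfaces:
  - eth0                        # assumption: node interface that receives SSH traffic
  nodeSelector:
    matchLabels:
      node-role.kubernetes.io/worker: ""
  ingress:
  # Maintenance network (constructed CIDR): SSH stays reachable from here
  - sourceCIDRs:
    - 192.0.2.0/24
    rules:
    - order: 10
      protocolConfig:
        protocol: TCP
        tcp:
          ports: 22
      action: Allow
  # Every other source, including in-cluster workload traffic: SSH blocked
  - sourceCIDRs:
    - 0.0.0.0/0
    rules:
    - order: 10
      protocolConfig:
        protocol: TCP
        tcp:
          ports: 22
      action: Deny
```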