Blacklist everything then whitelist the IPs you know you’ll be connecting from (work, cell phone, etc). I don’t connect from random places usually. If I need to then I use cellular. You might be better off with a VPN if you need to connect from random places.
I see, thanks!
Is there any concern with whitelisting a cellular CGNAT’s public IP? Presumably that would potentially whitelist thousands or tens of thousands of other mobile devices at once, wouldn’t it?
Is there any concern with whitelisting a cellular CGNAT’s public IP?
It depends on how much you decide to whitelist. In my case I whitelist my cellular carrier’s IP block. Which does expose those services a little more broadly but I’m willing to risk it.
I see, thanks!
Is there any concern with whitelisting a cellular CGNAT’s public IP? Presumably that would potentially whitelist thousands or tens of thousands of other mobile devices at once, wouldn’t it?
It depends on how much you decide to whitelist. In my case I whitelist my cellular carrier’s IP block. Which does expose those services a little more broadly but I’m willing to risk it.