@MarkAssPandi @doskel @errant
Inbound traffic can only connect if a program is listening on that port and the local firewall is open. Something like SSH should be fine; barring any bugs it will only let authorized connections.
Problem I guess is either something legitimate exposing an unsecured service, like if you were running telnet, or malware listening for commands. I'm not sure how much of a problem NAT provides to malware. Maybe NAT traversal is too much effort, but having it call back to your server protected by cloudflare seems popular anyway. IPv6 address space is so large you may need to do that anyway rather than scan the entire internet(?). Idk, I'm not an expert here
walnut 🌱
@walnut@thesoftestpaws.net