A quick fix would be to exempt the default gateway from local access. That's the address of the incoming connection when public access is allowed and the router is doing double NAT (DNAT+SNAT).
I see random attempts to connect in the logs, but they are always denied. Without the correct credentials on the attackers side not really worried about it. Plus I run my server on a machine that has nothing else on it but the server. Might look at putting it on a vlan to isolate it, but I have been connected full time to the internet since 1994 and in that whole time no one has found my little home network worth attacking with any determination. I am more worried about the stuff I store in the cloud since all of the cloud providers have been hacked at one time or another. Now I encrypt all files on my side first using cryptomator.
VLAN is not a security tool. This forum clearly needs Bad Advice section where posts like this could be moved to.
You are such a smug little pain in the butt. Why don’t you go and prove your expertise on everything somewhere else.
Never said it was for security, just to isolate that server on its own, just like I do with my wireless devices. Again you hate this software so much but you keep coming here expecting it to mold to your wishes. Go write your own code, build it exactly the way you need it and stop complaining.
I make no such claims. I m just calling out your BS. I hope this thread will remain open as posts like yours have been used to justify closing threads in the past.
You clearly can not make a distinction between hate and tough love. I am actually quite impressed by the software. Doesn't mean there aren't any issues left requiring attention.