Blacklist everything then whitelist the IPs you know you’ll be connecting from (work, cell phone, etc). I don’t connect from random places usually. If I need to then I use cellular. You might be better off with a VPN if you need to connect from random places.
I see, thanks!
Is there any concern with whitelisting a cellular CGNAT’s public IP? Presumably that would potentially whitelist thousands or tens of thousands of other mobile devices at once, wouldn’t it?
IP whitelisting
How do you do that? I understand how blocklisting would work but how does whitelisting work in practice? How can you know in advance from which IPs you will connect to your home network in the future? That just seems like a recipe for getting stranded in some hotel without a way into your network.
Do you get a public IP with Starlink?
You’ve very likely already encountered it if you have a device with a SIM card! Most any mobile provider routes via a CGNAT - it’s exceedingly rare for phones to have public IPs.
Unless it can natively run all the existing ready-to-go Pi images and software packages and will also receive community support when I ask for help in a Pi-adjacent forum it’s not really going to be a competitor to the Pi. The hardware is pretty much irrelevant.