Unlikely.
Don’t use more than two SFP transcievers in that CRS305, it’ll overheat otherwise.
What region of the world?
Once a year for firmware updates. But my unraid box usually needs reboots once a month to stay stable.
Vaultwarden. Been using it self hosted for 3 years.
Ilulz. Automated scans cost nothing in resources. That would not find a host IP, it’d find the public Ip and open port.
Nothing will stop a general scan from happening. Especially if it’s a slow scan.
Scans won’t trigger dos/ddos alerts.
The only thing a CF tunnel does is protect your home IP. Doesn’t protect the app or server you’re exposing.
Not so much will someone be assed about it, it’s whether a script will pick you up your server. There’s a ton of aggregation search engines that scan most IPv4 addresses and list them on what ports are open etc. such as Shodan.io
Like I said, safeish.
Meh. Safeish. Until one of your servers has a zero day.
IMO, no. I don’t use pfsense on a daily basis (MikroTik FTW), but netgate will use CE as a testing ground. They’ll keep putting out updates; but advanced functionality will be paywalled.