IMO, no. I don’t use pfsense on a daily basis (MikroTik FTW), but netgate will use CE as a testing ground. They’ll keep putting out updates; but advanced functionality will be paywalled.

Unlikely.

Don’t use more than two SFP transcievers in that CRS305, it’ll overheat otherwise.

And?

What region of the world?

Once a year for firmware updates. But my unraid box usually needs reboots once a month to stay stable.

Vaultwarden. Been using it self hosted for 3 years.

Ilulz. Automated scans cost nothing in resources. That would not find a host IP, it’d find the public Ip and open port.

Nothing will stop a general scan from happening. Especially if it’s a slow scan.

Scans won’t trigger dos/ddos alerts.

The only thing a CF tunnel does is protect your home IP. Doesn’t protect the app or server you’re exposing.

Not so much will someone be assed about it, it’s whether a script will pick you up your server. There’s a ton of aggregation search engines that scan most IPv4 addresses and list them on what ports are open etc. such as Shodan.io

Like I said, safeish.

Meh. Safeish. Until one of your servers has a zero day.