I find adding dynamic dns entries to my firewalls much more efficient and to have a more meaningful protection value.
A timed job that checks the up of your clients and updates the firewall every 30 seconds seems a much more secure method than having a magic sequence of ports that can be captured in the wild.
It’s hard to spoof a full tcp connection (with a key) needed to update your ddns.
Best part is you can leave your ddns to a separate box or service which complicates the compromise of a single host
A timed job that checks the up of your clients and updates the firewall every 30 seconds seems a much more secure method than having a magic sequence of ports that can be captured in the wild.
It’s hard to spoof a full tcp connection (with a key) needed to update your ddns.
Best part is you can leave your ddns to a separate box or service which complicates the compromise of a single host