Read GPL v3 and why it was introduced in the first place. Code being open source won’t do much.

Same setup here. Worked for years and I’ve no plans to switch. As long as Nextcloud is up, bidirectional editing is simple. Trouble comes when one of the clients edited the KeePass file and can’t sync.

banIP works at IP layer. It basically injects additional firewall rules to nftable to reject packets from specific set of IP addresses. It is not aware of layer 7 like HTTP.

What is your goal exactly? Do you want to allow /.well-known to all countries including the bad ones you are blocking? Then you’ve to do it at application layer or setup a reverse proxy that has WAF (Web Application Firewall) and serve ./well-known from the proxy.

Good for you. I use OpenWrt on a decent router yet it’s so flexible. I can create multiple VLANs with different firewall rules, multiple APs, Ad and IP blocking etc.

Honestly I can’t imagine going back to a shitty ISP router ever.

Agree. Saying TPM is bad is same as saying Encryption is bad. It’s not about the technology. It’s about the evil hearted corporations using these technologies to limit user freedom.