Hi,
1st question:
Is it from a security point of view relatively safe to directly expose the listening port to the internet?
To my understanding this is necessary if I do not want to use a relay server and all devices are NATed?
A VPN would restrict use cases a lot.
I do of course not expose the Mgmt. UI - not sure how safe that would be at all.
2nd question:
Additionally I was wondering why there is no apparmor profile installed by default. Wouldn't that be best practice for applications with direct internet exposure?
Thanks,
-b