I thought I was fine, until I installed IDS/IPS on my OPNSense box, and noticed one of my servers trying to contact a malicious IP. Took everything offline that day and keep publically facing services on other peoples networks :~)

Personally, I just wireguard in to my local net. No need to have CF snooping where they don’t need to.

It all depends on your use cases and what you (or your users) need to access.

Lol, decided to ask chatGPT this question, turned out pretty well:

Alright, imagine you have a magic tunnel that can connect different places together. But this is not an ordinary tunnel that you can see or walk through. It’s a special tunnel that works with the internet!

You know when you want to visit a website on your tablet or computer, you type its address in a web browser, right? Well, sometimes websites need extra protection to stay safe from bad things on the internet. That’s where Cloudflare Tunnel comes in!

Cloudflare Tunnel is like a superhero that helps keep websites safe. It creates a secret passage between the website and Cloudflare’s special servers. When people try to visit the website, their requests go through this secret tunnel first.

Now, imagine there are some bad guys who want to do bad things to the website. They try to find the website, but all they see is the secret tunnel. They can’t see the website or know where it is. It’s like the website is hiding!

But good people, like you and me, can still find the website because we know the secret. We can use the magic tunnel to reach the website and see what’s there. Cloudflare Tunnel helps protect the website from the bad guys and lets the good people get through.

So, Cloudflare Tunnel is like a special secret tunnel on the internet that keeps websites safe from bad guys and helps the good people find them.