I don't know if this is the everyday life of a firewall. At least I found it unusual. I have already set up CrowdSec and Caddy on the OPNsense. A domain is also available and is updated via DynDNS. However, no externally accessible services are currently running. During my regular visit to CrowdSec, I was amazed that an IP from Azerbaijan wanted to connect to my IP address for several hours. The IP was already blocked by the CrowdSec list due to firewallservices/pf-scan-multi_ports. I don't know whether they wanted to test whether the IP would be unblocked again after X amount of time. At some point I was assigned a new IP because it was dynamic and the event ended. What are your experiences or opinions on this?
Your external IPv4 address, if not behind CGNAT, will be probed 24x7 as soon as you connect to the Internet.