Well, I can’t say they don’t deserve it.

No. Offline password managers are also suspectible to supply chain risk.

It is e2e encrypted and just works. Everything in Firefox Sync is encrypted including Bookmarks, History, Passwords etc.

Read GPL v3 and why it was introduced in the first place. Code being open source won’t do much.

Same setup here. Worked for years and I’ve no plans to switch. As long as Nextcloud is up, bidirectional editing is simple. Trouble comes when one of the clients edited the KeePass file and can’t sync.

banIP works at IP layer. It basically injects additional firewall rules to nftable to reject packets from specific set of IP addresses. It is not aware of layer 7 like HTTP.

What is your goal exactly? Do you want to allow /.well-known to all countries including the bad ones you are blocking? Then you’ve to do it at application layer or setup a reverse proxy that has WAF (Web Application Firewall) and serve ./well-known from the proxy.

Good for you. I use OpenWrt on a decent router yet it’s so flexible. I can create multiple VLANs with different firewall rules, multiple APs, Ad and IP blocking etc.

Honestly I can’t imagine going back to a shitty ISP router ever.