krowvin

joined 10 months ago
[email protected] 1 points 10 months ago

Check out pfSense and pfBlockerNG. It's a geofence blocker to DENY all incoming requests from various IP subnets that you select on the public side. If you have any open ports (say for games or otherwise on your home network), this will really cut back on system load/login attempts. It can just drop the packets entirely, not even entertaining them.

You'd ideally want to use a VPN and not expose any other ports on the firewall. For example, never open an SSH port. If you do, use a keypair and make it a non-standard port. But having a VPN would prevent you from even needing to open SSH ports, as the VPN would essentially put you on the LAN. Most consumer routers will let you set up a VPN server for your LAN now.

But for something like hosting a webserver at home, this (geoblocking) can really help, in addition to using Cloudflare as your domain registrar for DDoS protection.

Here's a video on it:

https://www.youtube.com/watch?v=oNo77CMoxUM

If you have a consumer firewall, you may or may not have access to doing this (geoblocking).

With Pi-hole you could create lists of domains (say from certain countries) that you do not want to resolve for name resolution. But it would not stop those countries from attempting to access open ports on your network, i.e. ingress vs egress.

By default your home firewall/router, if it is a consumer model, should not have any ports open.

Hope this helps!
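
The ingress vs egress distinction from the comment above, as an added Python example that is not part of the original post: a geofence deny list decides on inbound packets by source address, while a Pi-hole-style DNS blocklist only decides on outbound name lookups. All subnets, domains and the forwarded port are constructed sample values, and the functions model the decision logic only, not how pfBlockerNG or Pi-hole are implemented.

```python
import ipaddress

# Constructed sample data: documentation-only ranges stand in for the
# country subnets a geofence list would contain.
GEO_DENY = [ipaddress.ip_network(n) for n in
            ("203.0.113.0/24", "198.51.100.0/24", "2001:db8:bad::/48")]
DNS_BLOCKLIST = {"ads.example", "tracker.example"}  # constructed domains
OPEN_PORTS = {443}  # assumed: the single port forwarded to a home web server


def ingress_verdict(src_ip, dst_port):
    """Firewall decision for an inbound packet arriving on the WAN side."""
    src = ipaddress.ip_address(src_ip)
    if any(src in net for net in GEO_DENY):
        return "drop"    # geofenced source: discarded without any reply
    if dst_port not in OPEN_PORTS:
        return "drop"    # default deny: nothing else is exposed
    return "allow"


def dns_verdict(qname):
    """Resolver decision for a LAN client's outbound name lookup."""
    labels = qname.lower().rstrip(".").split(".")
    # Match the name itself or any parent domain on the blocklist.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in DNS_BLOCKLIST:
            return "blocked"
    return "resolved"


def simulate(attempts):
    """Return the ingress verdict for each (source IP, port) attempt."""
    return [(ip, port, ingress_verdict(ip, port)) for ip, port in attempts]


if __name__ == "__main__":
    # Constructed inbound attempts: geofenced, allowed, and closed-port cases.
    sample = [("203.0.113.7", 443), ("192.0.2.10", 443),
              ("192.0.2.10", 22), ("2001:db8:bad::1", 443)]
    for ip, port, verdict in simulate(sample):
        print(f"ingress {ip} -> :{port}  {verdict}")
    # The DNS blocklist is never consulted on the ingress path above.
    for name in ("cdn.ads.example", "example.org"):
        print(f"dns lookup {name}  {dns_verdict(name)}")
```
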