FallyfallB

I’m by no means any security expert, but my 2 cents are these:

• Zero-day attacks, where the name refer to how many days a vulnerability has been known when first used. These are more or less impossible to safe-guard against. The only thing that would delay an attacker in your setup is 2FA. But can you be sure there aren’t any weaknesses or vulnerabilities on your 2FA setup? Kaspersky mentions a few interesting zero-days on their resource center.
• Blocking all countries except the one you live in can create a false sense of security because VPS are a thing and hosted in most countries. That means that a malicious person could spin up a VPS in a country which is allowed to access your public-facing address.
• Depening on what kind of services you run, there could be privilege escalations which could grant an attacker with more leverage to find weaknesses in software. I think Darknet Diaries’ episode on the LinkedIn incident explains this well.