The company I work for implemented a remote monitoring system over cellular some years ago, and as we have a low-powered CPU we wanted an APN which blocked incoming connection attempts.
We started experimenting with "www.vodafone.net.nz" which did have incoming unsolicited traffic, but at some point during development the incoming traffic abruptly stopped and we figured that VF had turned the switch off and kept using that APN.
Recently while debugging a different fault I looked at the PPP traffic and found that the device was fielding incoming TCP connection attempts from random IP addresses in France etc. and a UDP packet from "scan-10k.shadowserver.org" supposedly in the USA.
Has this been an official behaviour change by VF? The ancient sticky for Vodafone APNs doesn't mention "www.vodafone.net.nz", although it is supposedly the default according to other posts, and other posts seem to imply this APN blocks incoming traffic.
NAT isn't a problem because we only make outgoing TCP connections.
Should we be using a different APN? If so, what ? Searching GZ hasn't really shed any light, although I have tried a few search terms.