Different person here, but no. I never write firewall rules based on individual source addresses. They’re too easy to fake. And with IPv6’s privacy extensions, you never know what source address a given machine will have anyway.

No. Admittedly, my firewall rules are all about granting something extra beyond the basics. I only do this for clients I care about anyway, so I can always tell them to use the right address.