

Why wouldn’t it be possible?
The phone is providing the client app connection, you just need an interface from the client to the POTS system, or just the hardware you’re using as a phone.
Years ago I had a cordless phone that connected to the Skype client on a pc - you could call a phone number, or a Skype contact with it.
This is no different - you just need to establish the interface between the hardware and software.
Scans for open ports run continuously these days.
Ten years ago I opened a port for something for a couple days - for months after that I was getting regular scans against that port (and others).
At one point the scans were so constant it was killing my internet performance (poor little consumer router had no defense capability).
I don’t think the scans ever fully stopped until I moved. Whoever has that IP now probably gets specifically scanned on occasion.
And just because you don’t run a business doesn’t mean you have nothing to lose.
DMZ should be enough… But routers have known flaws, so I’d be sure to verify whatever I’m using.