Date: Thu, 30 Jun 2016 16:26:31 +0200
From: Rolf Nielsen <rnmtw70@yandex.com>
To: freebsd-questions@freebsd.org
Subject: Firewall setup for high security for OpenVPN client
Message-ID: <16f62435-ad9c-9da4-b7ca-5aade5d00ec4@yandex.com>

Hello everyone,

I've been using OpenVPN for some time, and now I'm looking to strengthen the security a bit more. I have disabled WebRTC in Firefox, and I'm using the VPN service's DNS servers, rather than the ones of my ISP, and now it's time for the firewall.

I will of course need to communicate with the VPN server, and I'm assuming that goes on the physical interface. Inbound, outbound or both? TCP, UDP or both?

I get my IP from my ISP through DHCP. Need I open anything up for that? Inbound, outbound or both? I'm guessing ports 67 and possibly 68, UDP.

Anything other than that on the physical interface?

Apart from any servers I may be running, what should I open up on the tun interface?

And last, but not least, what should I absolutely close?

In case it matters here, I'm currently using ipfw. Since most people tend to recommend pf, I believe I will move to that one, but I'll do that later. Since I'm used to ipfw, it's more likely that I understand what I'm doing, and once I understand that, I'll consider learning how to do it in pf instead.

--
Vänligen / Sincerely,
Rolf Nielsen