Unless you want to filter OpenVPN access via LAN interface, the rule

chain=input action=drop protocol=tcp src-address-list=!openvpn_list dst-port=443 log=no log-prefix=""

could be removed. As the rules are now, the next rule accepts OpenVPN connections and then the next one drops everything coming in not from LAN. So the only connections that the quoted rule drops but the "drop from not LAN" doesn't are OpenVPN connections from LAN.

Other than that, rules are pretty good ... but make sure interface list membership is correct.
Statistics: Posted by mkx — Tue Dec 26, 2023 10:18 pm
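
The redundancy argument in the post above can be checked by comparing verdicts with and without the quoted rule. This is an added example, not part of the original post: a first-match model in Python where the accept rule (assumed to match sources in openvpn_list), the drop-not-LAN rule, the interface names and the addresses are all assumptions constructed for illustration.

```python
from itertools import product

OPENVPN_LIST = {"203.0.113.10"}   # constructed address-list entry
LAN_IFACES = {"bridge"}           # constructed members of the LAN interface list

def quoted_rule(p):
    # chain=input action=drop protocol=tcp src-address-list=!openvpn_list dst-port=443
    if p["proto"] == "tcp" and p["dport"] == 443 and p["src"] not in OPENVPN_LIST:
        return "drop"

def accept_openvpn(p):
    # Assumed rule: accept tcp/443 from sources in openvpn_list
    if p["proto"] == "tcp" and p["dport"] == 443 and p["src"] in OPENVPN_LIST:
        return "accept"

def drop_not_lan(p):
    # Assumed rule: drop everything not arriving on a LAN interface
    if p["in_if"] not in LAN_IFACES:
        return "drop"

def verdict(rules, p):
    # First matching rule decides; a packet no rule matches is accepted.
    for rule in rules:
        v = rule(p)
        if v:
            return v
    return "accept"

def packets():
    # Constructed sample space: listed/unlisted source, LAN/WAN ingress, two services.
    srcs = ["203.0.113.10", "198.51.100.7"]
    ifaces = ["bridge", "ether1"]
    services = [("tcp", 443), ("tcp", 22)]
    for src, in_if, (proto, dport) in product(srcs, ifaces, services):
        yield {"src": src, "in_if": in_if, "proto": proto, "dport": dport}

def affected_by_quoted_rule():
    # Packets whose verdict changes when the quoted rule is removed.
    with_rule = [quoted_rule, accept_openvpn, drop_not_lan]
    without_rule = [accept_openvpn, drop_not_lan]
    return [p for p in packets()
            if verdict(with_rule, p) != verdict(without_rule, p)]

if __name__ == "__main__":
    for p in affected_by_quoted_rule():
        print(p)
```

Under these assumptions the only packet whose verdict changes is tcp/443 from an unlisted source arriving on the LAN interface.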