Should firewall be enabled?

[zilexa]

First of all thank you for this, it's amazingly simple to setup! I first found a different solution and noticed an issue report that recommended to enable the firewall: https://github.com/sebgl/htpc-download-box/issues/19

quoting the reporter of that issue:

In my tests, when VPN is not connecting properly, a child container was able to happily connect using host network, thus making the setup completely pointless. Easiest way to simulate is to put a wrong remote hostname in your ovpn file. Somehow child containers are able to connect out.

Would this apply to your solution as well? If so, how can we enable the firewall?

[rwalsh0975]

That issue refers to specifically when the VPN has trouble connecting and is part of a packaged solution containing multiple containers. Allowing connections only through the VPN/proxy container is going to depend on your particular setup (which is what I assuming you're getting at by saying "enable the firewall")

[Joentje]

For me it not really clear what you mean. Do you want to block certain traffic? If the VPN cannot connect, the containers using the containers network cannot connect as well.

Can you maybe explain little bit more?