Quote:
Originally Posted by ucharfli
When the VPN connection is disconnected, I do not want to go online with the Web browser.
Is not PF needed?
If you do not have a VPN, I do not want your Internet..!
|
This is a different requirement from your original post.
It is my understanding that the VPN technology used by ProtonVPN is OpenVPN. OpenVPN uses UDP or TCP connections; the standard port number is 1194 with either protocol.
Yes, PF can limit all inbound and outbound traffic on the physical interface to TCP or UDP that connects with that port number. It can then permit all "internet" destined traffic to use the tap(4) tunnel device created by OpenVPN on OpenBSD.
However, you may need some open connectivity to the Internet in order to establish the OpenVPN connection to your service provider, such as domain name services. Is your connection to your service provider by domain name, or by IP address?
You may also need some open connectivity to establish your system's IP address. DHCP is the most common protocol used to obtain a dynamic IP address and routing information.
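A pf.conf ruleset for the policy described in the reply above, added here as an example and not part of the original posts. The interface names (em0, tap0) and both addresses are assumptions: the addresses are documentation-range placeholders to be replaced with the provider's server and the resolver actually in use.

```pf
# Constructed example. Interface names and addresses are assumptions.
ext_if  = "em0"          # physical interface (assumption)
vpn_if  = "tap0"         # tunnel device created by OpenVPN (assumption)
vpn_srv = "192.0.2.10"   # placeholder: VPN server address
dns_srv = "192.0.2.53"   # placeholder: resolver used before the tunnel is up

set skip on lo

# Default deny in both directions on every interface. With the tunnel
# down, browser traffic routed to the physical interface is dropped here.
block all

# DHCP, so the system can obtain its address and routing information.
pass out quick on $ext_if inet proto udp from any port 68 to any port 67
pass in  quick on $ext_if inet proto udp from any port 67 to any port 68

# DNS to one resolver only. Needed when the VPN server is configured by
# domain name; remove this rule if it is configured by IP address.
pass out quick on $ext_if inet proto { udp tcp } from ($ext_if) to $dns_srv port 53

# OpenVPN transport to the provider on the standard port, UDP or TCP.
pass out quick on $ext_if inet proto { udp tcp } from ($ext_if) to $vpn_srv port 1194

# All other Internet-destined traffic may leave only through the tunnel.
pass out on $vpn_if
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the rules take effect.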