Firewall setup for high security for OpenVPN client

Rolf Nielsen rnmtw70 at yandex.com
Thu Jun 30 14:26:44 UTC 2016


Hello everyone,

I've been using OpenVPN for some time, and now I'm looking to strengthen
the security a bit more.

I have disabled WebRTC in Firefox, and I'm using the VPN service's DNS
servers, rather than the ones of my ISP, and now it's time for the firewall.

I will of course need to communicate with the VPN server, and I'm
assuming that goes on the physical interface. Inbound, outbound or both?
TCP, UDP or both?

I get my IP from my ISP through DHCP. Need I open anything up for that?
Inbound, outbound or both? I'm guessing ports 67 and possibly 68, UDP.

Anything other than that on the physical interface?

Apart from any servers I may be running, what should I open up on the
tun interface?

And last, but not least, what should I absolutely close?

In case it matters here, I'm currently using ipfw. Since most people
tend to recommend pf, I believe I will move to that one, but I'll do
that later. Since I'm used to ipfw, it's more likely that I understand
what I'm doing, and once I understand that, I'll consider learning how
to do it in pf instead.

-- 
Vänligen / Sincerely,
Rolf Nielsen
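
One possible fail-closed ipfw layout for the setup asked about above, as an added example that is not part of the original post. The function name `vpn_ruleset`, the interface names `em0` and `tun0`, the server address `203.0.113.10` and UDP port 1194 are assumed placeholders; the function only prints the `ipfw` commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print a fail-closed ipfw ruleset for an OpenVPN client.
# Nothing is applied here; the output is a list of ipfw commands to review.

# vpn_ruleset PIF TUN SERVER_IP PROTO PORT  (hypothetical helper)
vpn_ruleset() {
    pif=$1 tun=$2 server=$3 proto=$4 port=$5

    # The server must be a literal IPv4 address: DNS over the physical
    # interface is not allowed below, so a hostname could not be resolved.
    case $server in
        *[!0-9.]*|'') echo "server must be an IPv4 address" >&2; return 1 ;;
    esac
    case $port in
        *[!0-9]*|'') echo "port must be numeric" >&2; return 1 ;;
    esac
    case $proto in
        udp) state="keep-state" ;;
        tcp) state="setup keep-state" ;;
        *) echo "proto must be udp or tcp" >&2; return 1 ;;
    esac

    # 100      loopback
    # 200      replies to connections this host opened
    # 300/310  DHCP lease from the ISP (client port 68, server port 67)
    # 400      the OpenVPN transport itself, outbound to one server only
    # 500      anything outbound through the tunnel; unsolicited inbound
    #          on the tunnel is not allowed unless a server rule is added
    # 65000    everything else, so traffic cannot leave via $pif if tun drops
    cat <<EOF
ipfw -q -f flush
ipfw -q add 100 allow ip from any to any via lo0
ipfw -q add 200 check-state
ipfw -q add 300 allow udp from any 68 to any 67 out via $pif
ipfw -q add 310 allow udp from any 67 to any 68 in via $pif
ipfw -q add 400 allow $proto from me to $server $port out via $pif $state
ipfw -q add 500 allow ip from any to any out via $tun keep-state
ipfw -q add 65000 deny ip from any to any
EOF
}

# Constructed sample values, not taken from the post.
vpn_ruleset em0 tun0 203.0.113.10 udp 1194
```
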


More information about the freebsd-questions mailing list