Updated OpenVPN server: Firewall configuration (using iptables) (markdown)

DL6ER 2018-01-16 16:24:49 +01:00
parent 8ce7b0e48b
commit 3e58d664be

@ -22,7 +22,6 @@ These commands will allow DNS and HTTP needed for name resolution (using Pi-hole
iptables -A INPUT -i tun0 -p tcp --destination-port 53 -j ACCEPT iptables -A INPUT -i tun0 -p tcp --destination-port 53 -j ACCEPT
iptables -A INPUT -i tun0 -p udp --destination-port 53 -j ACCEPT iptables -A INPUT -i tun0 -p udp --destination-port 53 -j ACCEPT
iptables -A INPUT -i tun0 -p tcp --destination-port 80 -j ACCEPT iptables -A INPUT -i tun0 -p tcp --destination-port 80 -j ACCEPT
iptables -A INPUT -i tun0 -p udp --destination-port 80 -j ACCEPT
``` ```
You will also want to enable SSH and VPN access from anywhere. You will also want to enable SSH and VPN access from anywhere.
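Review bot: Removing the `-p udp --destination-port 80` ACCEPT on `tun0` is consistent, since HTTP to the Pi-hole web interface is TCP only and the later hunk on this page explicitly REJECTs UDP/80; with `iptables -P INPUT DROP` in place this was the only rule admitting UDP/80 from the tunnel, so the change narrows what VPN clients can reach to DNS (TCP/UDP 53) and HTTP (TCP 80). The introductory sentence "These commands will allow DNS and HTTP" still reads correctly after the removal; no further wording change is needed.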
@ -53,12 +52,14 @@ iptables -P INPUT DROP
###### Blocking HTTPS advertisement assets ###### Blocking HTTPS advertisement assets
Since you're `:head-desk:`ing with `iptables`, you can also use this opportunity to block HTTPS advertisements to [improve blocking ads that are loaded via HTTPS](https://discourse.pi-hole.net/t/why-do-some-sites-take-forever-to-load-when-using-pi-hole/3654/4). Since you're `:head-desk:`ing with `iptables`, you can also use this opportunity to block HTTPS advertisements to [improve blocking ads that are loaded via HTTPS](https://discourse.pi-hole.net/t/why-do-some-sites-take-forever-to-load-when-using-pi-hole/3654/4) and also deal with QUIC.
> Why doesn't Pi-hole just use a certificate to prevent this? The answer is [here](https://discourse.pi-hole.net/t/slow-loading-websites/3408/12). > Why doesn't Pi-hole just use a certificate to prevent this? The answer is [here](https://discourse.pi-hole.net/t/slow-loading-websites/3408/12).
``` ```
iptables -A INPUT -p tcp --dport 443 -j REJECT iptables -A INPUT -p udp --dport 80 -j REJECT -- reject-with icmp-port-unreachable
iptables -A INPUT -p tcp --dport 443 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp --dport 443 -j REJECT -- reject-with icmp-port-unreachable
``` ```
Depending on the systems you have connecting, you may benefit from appending `--reject-with tcp-reset` to the command above. If you still get slow load times of HTTPS assets, the above may help. Depending on the systems you have connecting, you may benefit from appending `--reject-with tcp-reset` to the command above. If you still get slow load times of HTTPS assets, the above may help.
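Review bot: The two new UDP rules contain a typo that will make them fail to load: `-- reject-with icmp-port-unreachable` has a space after the double dash, so iptables stops option parsing at the bare `--` and rejects the remaining arguments. Both lines should read `--reject-with icmp-port-unreachable` (that is also the default reject type for IPv4, so the option could simply be omitted). The prose below the block is now stale as well: it still says "you may benefit from appending `--reject-with tcp-reset` to the command above", but the new TCP/443 rule already carries `--reject-with tcp-reset`, so that sentence should be reworded (for example to explain that the UDP/80 and UDP/443 rejects are what address QUIC, which the new paragraph text mentions but the block does not annotate). Note too that with the INPUT policy already at DROP, these REJECT rules change only the response the client receives, from a silent drop to an immediate ICMP/RST error, which is what makes the HTTPS and QUIC asset requests fail fast instead of timing out; a short comment in the code block saying so would help readers understand why the rules are needed at all.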