There are a bunch of hosts in my LAN, all of them connected directly to my router. One of the hosts (host A) is connected to a WireGuard server and is the default gateway for the other hosts within the LAN. The router's IP address is the default gateway for host A. Host A is responsible for routing all outgoing network traffic through a VPN server.
I want to secure host A by blocking all the ports that can be blocked. However, a default gateway does not seem to have a port to allow connections to. What are the ports to be left unblocked on a default gateway? To control the firewall, I use UFW.
Should I do it like https://askubuntu.com/questions/1613...-ip-forwarding, allow ALL incoming traffic within the LAN? Is it secure enough?