Do I need a firewall VM?

I don’t know anything about firewalls and I’m not planning on blocking anything, but I will be making a VPN VM. If so, is there any reason to have the firewall VM at all? And if not, should I simply make that into my VPN VM, or would that be some kind of issue?

Thanks everyone!

My opinion on this topic: no.

Instead think about:

  • using dispVMs whenever feasible
  • disabling root inside your AppVMs
  • using Kicksecure as a template for your AppVMs and
  • installing OpenSnitch inside your AppVMs
  • your threat model and decreasing your attack surface

PS: In what way do your iptables inside your AppVMs differ from your iptables inside sys-firewall? Anyway, I believe sys-firewall fetches the updates for dom0, so that might be a reason to keep it.