How To make an OpenVPN Gateway in Qubes (4.2, 4.3)

You are welcome @whoami.

Almost every VPN guide in the forum, like the one you quoted, relies on the dom0 firewall as the sole and primary anti-leak mechanism, which is simply a bad security practice. First, you enforce strong firewall rules in the VM itself, THEN you expand it as much as possible to every other security feature available, both inside and outside the domain of the VM. This is done for the same reason that in a chess game you will not rely on the Queen to do all the work, but use all the pieces, and in the correct order.

The qubes dom0 firewall does effectively work to prevent unwanted connections, but it’s better used as a backup rather than the primary defense. That’s why in the 2022 Official Qubes VPN Guide I mentioned in the Sources section, you won’t see dom0 firewall mentioned at all - instead they rely on iptables-based rules in the VPN Gateway VM.

Even those official rules themselves, as mentioned by @qubesfirewallbug, did not address a series of potential leaks he pointed out, both in the forum and on the qubes mailing list with the developers:

The reason many guides in here rely solely on dom0 fw rules is because implementing robust anti-leak nftables rules can be complex, and not everyone has the expertise required to confidently share them publicly.

TL;DR: Relying solely on dom0 firewall rules does work, but a typo, misconfiguration, or software bug in it could expose you. My guide was written with security paranoia in mind; it's a considerably more robust, layered defense approach.

That said, feel free to use whatever guide you wish, not everybody is hiding from the NSA! :smile:

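To make the "firewall rules in the VM itself" layer concrete, here is an added example (not from the post above, nor from the Qubes project's own guide) of a VM-side nftables kill-switch for an OpenVPN gateway qube. It assumes the uplink interface is eth0, the tunnel is tun0, downstream qubes attach as vif* interfaces, and the VPN endpoint is the placeholder 203.0.113.10 udp/1194; all of these are assumptions, not values from the thread. The ruleset sits in its own table rather than editing the Qubes-managed one, so it is layered on top of the existing rules: a drop in any base chain is final, whatever the other tables accept.

```shell
#!/bin/sh
# Added example: VM-side nftables kill-switch for an OpenVPN gateway qube.
# Not the forum post's or the Qubes project's code. All interface names and
# the VPN endpoint below are assumptions; override them via the environment.
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"   # placeholder (documentation range)
VPN_PORT="${VPN_PORT:-1194}"
VPN_PROTO="${VPN_PROTO:-udp}"
UPLINK="${UPLINK:-eth0}"                    # interface towards sys-net
TUN="${TUN:-tun0}"                          # OpenVPN tunnel interface

# Emit the ruleset as text. A separate 'inet' table is used so the Qubes-managed
# 'qubes' table is left untouched; default policy is drop in every chain, and
# the trailing 'counter' rule in each chain records what would have leaked.
vpn_killswitch_ruleset() {
    cat <<EOF
table inet vpn_killswitch
delete table inet vpn_killswitch
table inet vpn_killswitch {
    chain output {
        type filter hook output priority filter; policy drop;
        oifname "lo" accept
        oifname "$TUN" accept
        oifname "$UPLINK" ip daddr $VPN_SERVER $VPN_PROTO dport $VPN_PORT accept
        counter comment "output-leak-attempt"
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        iifname "vif*" oifname "$TUN" accept
        iifname "$TUN" oifname "vif*" ct state established,related accept
        counter comment "forward-leak-attempt"
    }
    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        iifname "vif*" accept
        counter comment "input-dropped"
    }
}
EOF
}

# Load the ruleset atomically (nft -f replaces the table in one transaction).
apply_ruleset() {
    vpn_killswitch_ruleset | nft -f -
}

# Defender's check: non-zero counters mean something tried to bypass the tunnel.
show_leak_counters() {
    nft list table inet vpn_killswitch
}

case "${1:-print}" in
    print) vpn_killswitch_ruleset ;;
    apply) apply_ruleset ;;
    check) show_leak_counters ;;
    *) echo "usage: $0 {print|apply|check}" >&2; exit 2 ;;
esac
```

Run it with `apply` from the gateway qube's startup hook so the rules are in place before OpenVPN starts; because the forward chain only accepts downstream traffic bound for the tunnel, a downstream qube's packets are dropped (and counted) rather than leaked if the tunnel is down. Note that the ruleset does not configure which resolvers downstream qubes use: a DNS query rewritten to an address reachable only via the uplink is dropped, not leaked, so the VPN's resolvers still need to be set up separately. IPv6 is implicitly blocked, since the only uplink rule matches an IPv4 destination.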