sfx2000
Part of the Furniture
You may have to rethink your rules. It is all a learning process. Maybe they need outside access.
I would agree...
Short course on LAN firewalls...
Deny Incoming
Allow Outgoing
Allow Outgoing
This basically is similar to NAT - with an SPI firewall, we can then start opening ports
Allow TCP/22
This opens the SSH port on the firewall for incoming traffic
Allow UDP/1194
This opens up the port for incoming OpenVPN (per defaults - OpenVPN has numerous options here, some better than others)