AX1800 hardening

There are all kinds of things you can do depending on how deep down the rabbit hole you want to go, but by default the firewall rules are already configured to reject any unauthorized/unknown incoming WAN traffic to the device.

Most hardening would be related to the LAN side of things which may/may not be important depending on your threat model.

One aspect I would highly advise regardless is to enable Encrypted DNS via DoH through either Cloudflare or Quad9. Note Cloudflare is generally faster but US-based & holds logs for 25 hours per their privacy policy.

GL GUI → Network → DNS → DNS Server Settings →

  • Mode → Encrypted DNS
  • Encryption Type → DNS over HTTPS
  • Servers → + Server → [ search for Cloudflare/Quad9 ]

Confirm your results via ipleak.net.

There are other details that can harden Encrypted DNS at the cost of a slight performance hit, but that requires digging into configuration files (.conf) within the underlying OpenWrt Linux OS. If you’re comfortable with the premise of learning SSH, basic command line usage, and basic text editing, it can be done easily enough.

Of course I’m still neglecting a discussion of VPN providers.

It does but it’s a change in terminology as firmware v. 4.x is more flexible than the Mango’s v. 3.x: GL GUI → VPN → VPN Dashboard → VPN Client → Global Option.

Also, 4.23-release5 is the latest stable firmware for the Flint: GL GUI → System → Upgrade or GL.iNet download center

