I wanted to start a separate thread for this question and procedure. I am currently looking at my PF panel and don't see how to accomplish what I am wanting to do. I am FLEXIBLE to switching software firewall programs (free given preference) to satisfy this NEED. I sit on a private network behind a router. There can be several wireless devices in play at different times. I am ONLY concerned about one laptop on this post/thread. Additionally, I use a software firewall on the laptop in question. This thread is NOT about protecting from virus, trojan, etc... but is directed at protecting anonymity during the time the machine boots. I only use this machine behind and in a VPN tunnel. I am looking to discover how to lock down the software firewall (this machine only not the network, which would be easier) so that the only outbound network connection allowed is that of the VPN IP or whatever settings will limit ANY traffic outside of that connection. Once I learn how to do this on one VPN I can then add all the others I use as well. The firewall rule for one will show me how to configure for each. I am not too experienced on setting this type of rule. My VPN client will remove the default route out of the machine once I get connected. In other words if the VPN connection drops after I am connected I am safe with NO default connection. It won't transmit out of the tunnel. I am not concerned about the exit nodes on this thread either. Let me explain my intent. Once and only when this laptop is tunneled to the VPN at that point my OS, AV software, etc... can update. I do NOT want them accessing the net using the IP my ISP assigns to the network. I really could use some firewall expertise here. This is a very important piece of my security that is missing at this point.