I always assumed that the VPN connection is shared by many HTB users, so it seemed like a good idea to be a bit paranoid about the trustworthiness of a VM that is reachable by lots of users who may want to mess around. Maybe I was wrong about that assumption :D
Anyway, apart from this possibly impractical use case, it just seems like an interesting problem.
I'll just go with a standard bridge + ip/nftables setup then. Thanks for the input.