Risks with setting up a authentication-less public VPN


I’m in the process of setting up an authentication-less public VPN. To prevent against DoS attacks, I’m going to set up some sort of IP address based rate limiting. The VPN is port-bound, i.e., it will only connect to ports 80 and 443 of other sites.

(1) What sort of attacks could I expect (i) on the VPN (ii) conducted via VPN on other websites?

(2) Are there ways in which I can prevent those attacks?