In my opinion you should never open Webmin to any. Opening webmin to any allows other people to see wat kind of firewall you use wich is a security risk in itself. You should only allow access from the inside or one ore some 'trusted' networks on the outside.
I don't think its very clever that everybody can see what Firewall you use to protect your network. (possible bugs etc.) Better use PPTP or IPSEC and a DYNDNS-Name to connect from outside and only open webadmin-Gui for the IP-Pools you use for the VPN Clients.
To maintain high security, only allow Webadmin access from the Internal network. If you need to administer an ASL box remotely, you can add PPTP-Pool to the Allowed Webadmin networks, and then just open a PPTP tunnel first when you need to access it. This way there is never any visible HTTPS service on port 443 on the External interface to tempt any hackers.
