Re: [m0n0wall] PPTP and port blocking / restricting

From:	Chris Buechler <cbuechler at gmail dot com>
To:	Brett <monoinfo at slick dot org>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] PPTP and port blocking / restricting - defnitive answer
Date:	Thu, 23 Dec 2004 21:43:42 -0500

On Thu, 23 Dec 2004 18:09:48 -0800, Brett <monoinfo at slick dot org> wrote:
> 
> The FAQ at http://m0n0.ch/wall/docbook/faq-limitpptp.html reads,
> "Configure your firewall rules on the WAN interface permitting TCP 1723
> only from hosts you want to use PPTP.".  This suggestion is supported by
> several postings in the archive.
> 

Yeah, that's why I committed it, though I didn't try it first.  


> When I look at the status.php page, I see something that looks like port
> 1723 is getting redirected even before my first blocking rule is
> considered.  I did not add this rule - it would have to be something
> that m0n0wall adds by default.  I am not sure if this might be the
> source of the problem (if it is, I am not sure what I can do about it).
> 

Yes, it's added on the back end to permit traffic to the PPTP server,
and the rules you define are added below that rule.


 
> 1.  Is it possible to enable the PPTP server and disable access on a
> specific interface (either through port blocking or otherwise).
> 

Not that I see, though I'd love to hear otherwise from somebody out there.  



> 3.  If the answer to #1 is no, who do I need to contact to update the
> FAQ.  
> 

That would be me.  Done already.  I removed it unless/until somebody
can show me how to do it in a way that works.

-Chris