At work we have a m0n0wall 1.2final running as an PPTP server.
We want to add an extra layer of security by limiting port 1723 access to
only a selected range of ip addresses. However as it turns out, port 1723
is already completely open on the WAN interface and hence it is impossible
to restrict PPTP access by ip address.
IMHO this is not recommended behaviour. I recall that it used to be necessary
to explicitly open the 1723 port for it to work.