On 11/18/05, Drago <dragotr at gmail dot com> wrote:
> this has been discussed already. you can add deny rule on the external
> interface to prevent access to port 1723.
I must have missed that. But i do already have a rule that explicitly
denies every incoming traffic, unless otherwise stated. deny any > any
as the last entry in the chain. This would be sufficient i guess,
however it still let's 1723 trough.