Re: [m0n0wall] Allow only specific IP-ranges to use PPTP server

From:	"Neil A. Hillard" <m0n0 at dana dot org dot uk>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Allow only specific IP-ranges to use PPTP server
Date:	Fri, 1 Feb 2008 19:49:37 +0000

Hi,

In message
<d64aa1760802011121j3792b3bco9f6795a1dc62c1df at mail dot gmail dot com>, Chris
Buechler <cbuechler at gmail dot com> writes
>On Feb 1, 2008 6:41 AM, Philippe Lang <philippe dot lang at attiksystem dot ch> wrote:
>> Hi,
>>
>> This question has already been asked long time ago:
>>
>> http://m0n0.ch/wall/list/showmsg.php?id=54/82
>>
>> I cannot find any solution to that problem, even with the latest
>> monowall version. Is there a way to do it? I don't particularly like
>> port 1723 being opened to the whole internet...
>>
>
>The rules are automatically added, short of changing the source code
>and rolling your own image there is no way to change that.

One thing that would resolve this and is a nice-to-have would be the
ability to disable the implied rules - so for example, on the PPTP
server page there would be a tick box for 'add implied rule', by default
checked.  Unchecking it would then allow the admin to add their own
rule.

I'd like this so I could have the PPTP server available to my wireless
LAN but not over the Internet (OK, I could block it at my router but it
would be nice to keep everything centrally controlled).

It would work much like the 'Disable webGUI anti-lockout rule' option.

                                Neil.

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk