pf pptp
I wondered if someone could help with a little pf file (OpenBSD 4.4).
I have an IP-less bridge on the WAN side of my pfSense box at home and have the following rules set for letting everything through. This way I can have a sniff with tcpdump to see passing traffic.
ext_if="fxp0"
int_if="fxp1"
#Bridge so only filter on one interface let all pass on ext_if
pass in quick on $ext_if all
pass out quick on $ext_if all
pass in all
pass out all
------
The pfsense box is running a pptp server and I thought this pf bridge may be able to restrict pptp traffic to only allow certain external ip addresses into the network.
I wondered if someone could advise as to the syntax required for doing so.
The pfSense box does have the ability to disable automatically created VPN rules, but I would like to learn from a file / command line basis, as the OpenBSD box will probably end up replacing my pfSense box in the end. It's a long way off, but pf is great.
So to sum up from the pf example above I would like to allow all apart from vpn coming in from specific ip addresses.
Any help would be appreciated.
-----
Failing that is there a way to stop someone trying to brute force the pptp login? Whilst still allowing all other traffic to flow through.
Regards
P
Last edited by pico; 12th November 2010 at 10:17 AM.
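A pf.conf sketch of what the post asks for, added here as an example and not part of the original post: PPTP (TCP 1723 control plus GRE data) is limited to a table of allowed sources, with a per-source connection-rate limit against repeated login attempts. The table names and the addresses in `<pptp_ok>` are constructed placeholders, and filtering outbound on `$int_if` assumes WAN traffic leaves the bridge toward the pfSense box on that interface.

```pf
ext_if="fxp0"   # bridge member facing the WAN
int_if="fxp1"   # bridge member facing the pfSense box (assumption)

# Constructed placeholder addresses: replace with the real remote peers
table <pptp_ok> persist { 192.0.2.10, 198.51.100.0/24 }
# Filled automatically by the overload option below
table <pptp_abuse> persist

# Bridge: let everything pass on ext_if, filter only on int_if
pass in  quick on $ext_if all
pass out quick on $ext_if all

# Sources that exceeded the rate limit are dropped entirely
block out quick on $int_if from <pptp_abuse>

# PPTP control channel: allowed sources only, at most 3 new
# connections per 60 seconds per source. This limits TCP
# connections, not individual password guesses.
pass out quick on $int_if proto tcp from <pptp_ok> to any port 1723 \
    flags S/SA keep state \
    (max-src-conn-rate 3/60, overload <pptp_abuse> flush global)
block out quick on $int_if proto tcp from any to any port 1723

# PPTP data channel (GRE, IP protocol 47): allowed sources only
pass out quick on $int_if proto gre from <pptp_ok> to any keep state
block out quick on $int_if proto gre from any to any

# Everything else still flows through the bridge
pass in all
pass out all
```

Load it with `pfctl -f /etc/pf.conf`; `pfctl -t pptp_abuse -T show` lists sources caught by the rate limit.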