Thread: pf pptp
Old 12th November 2010
pico

I wondered if someone could help with a little pf file (OpenBSD 4.4).

I have an IP-less bridge on the WAN side of my pfSense box at home and have the following rules set for letting everything through. This way I can have a sniff with tcpdump to see passing traffic.

ext_if="fxp0"
int_if="fxp1"

#Bridge so only filter on one interface let all pass on ext_if

pass in quick on $ext_if all
pass out quick on $ext_if all

pass in all
pass out all

------

The pfSense box is running a PPTP server and I thought this pf bridge may be able to restrict PPTP traffic to only allow certain external IP addresses into the network.

I wonder if someone could advise as to the syntax required for doing so.

The pfSense box does have the ability to disable automatically created VPN rules, but I would like to learn from a file / command line basis as the OpenBSD box will probably end up replacing my pfSense box in the end. It's a long way off but pf is great.

So to sum up, from the pf example above I would like to allow all apart from VPN coming in from specific IP addresses.

Any help would be appreciated.

-----

Failing that, is there a way to stop someone trying to brute force the PPTP login, whilst still allowing all other traffic to flow through?

Regards

P

Last edited by pico; 12th November 2010 at 10:17 AM.
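An added example, not part of the original post: one way to express the policy asked about, keeping the poster's pass-all rules and putting PPTP-specific rules in front of them. The macro pptp_srv, the table names and all addresses are assumptions (documentation placeholders), and filtering inbound on $ext_if is assumed.

```pf
# Added example (not the poster's ruleset). Placeholder addresses throughout.
ext_if="fxp0"
int_if="fxp1"
pptp_srv="203.0.113.5"          # assumed: WAN address of the pfSense PPTP server

# Peers allowed to reach the PPTP server (constructed sample values).
table <pptp_ok> persist { 192.0.2.10, 198.51.100.0/24 }
# Filled automatically by the overload option below.
table <pptp_abuse> persist

# PPTP needs two things: the control channel on TCP 1723 and GRE
# (IP protocol 47) for the tunnel itself. Both must be handled.

# 1. Sources that tripped the rate limit lose PPTP only, nothing else.
block in quick on $ext_if proto tcp from <pptp_abuse> to $pptp_srv port 1723
block in quick on $ext_if proto gre from <pptp_abuse> to $pptp_srv

# 2. Permitted peers, with a per-source limit on new control connections.
#    pf cannot see failed logins; it can only limit connection attempts.
pass in quick on $ext_if proto tcp from <pptp_ok> to $pptp_srv port 1723 \
    flags S/SA keep state \
    (max-src-conn 3, max-src-conn-rate 5/60, overload <pptp_abuse> flush global)
pass in quick on $ext_if proto gre from <pptp_ok> to $pptp_srv keep state

# 3. Everyone else gets no PPTP to the server.
block in quick on $ext_if proto tcp from any to $pptp_srv port 1723
block in quick on $ext_if proto gre from any to $pptp_srv

# 4. The original rules: all other traffic still flows through the bridge.
pass in quick on $ext_if all
pass out quick on $ext_if all

pass in all
pass out all
```

Because every rule uses quick, order matters: the PPTP rules must sit above the pass-all rules or they never match. Entries in the overload table can be inspected with pfctl -t pptp_abuse -T show and cleared with pfctl -t pptp_abuse -T flush.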