Guys, I posted this earlier to the help list, but think it's more fitting for discussion. My apologies up front for the double post.
--
I've been working through my first pfSense install, and have been extremely impressed with all design decisions...until this morning. My configuration is pretty easy:

- LAN
- WAN
- DMZ
- DMZ for wireless with PPTP VPN into LAN

Should be easy enough to set up...I've been doing it with Linux fws for years. However, whenever I enable the PPTP server on pfSense, the firewall installs rules to allow PPTP traffic on ALL interfaces. So, if I want to use pfSense's VPN capabilities to protect my wireless network, I have to also expose my VPN to the world at large...NOT desired by any means.

I posted a FAQ and received this in reply from Holger Bauer:

"To answer your question: By enabling the PPTP-Server pfSense creates rules behind the scenes for all available interfaces to allow pptp traffic. The user defined rules are created below these "system internal" rules. There is no way to block this traffic in pfSense 1.0."

I can fathom why one would not want to restrict all VPN initiation to a particular interface or set of interfaces. So, two questions.

1. Is this a conscious design decision, or only a feature waiting to happen? If it is indeed a feature you'd be interested in, I'm willing to roll up my sleeves if I can block some time.

2. Is there an easy way to implement this behavior? Can I hack into the hidden rules to restrict access to only my wireless interface?

Thanks very much for any insight you can provide!

John
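The exposure John describes (PPTP pass rules installed on every interface, not just the wireless DMZ) is something an administrator can at least detect from the loaded pf rule set. The following is an added example, not pfSense code and not from this thread: it parses rule lines in the one-rule-per-line format printed by `pfctl -sr`, identifies the two PPTP components (TCP port 1723 for control, GRE for the tunnel), and reports any inbound pass rule for them on an interface outside an allowed set. The interface names, addresses and sample rule lines are constructed for the example and are assumptions, not a real pfSense 1.0 rule dump.

```python
"""Audit a pf rule listing for PPTP pass rules on unwanted interfaces.

Added example, not pfSense code. Assumes rule lines in the one-rule-per-line
format printed by `pfctl -sr`; the sample lines below are constructed.
"""
import re

# Constructed sample approximating `pfctl -sr` output on a box with
# LAN (fxp0), WAN (fxp1), DMZ (fxp2) and a wireless DMZ (ath0).
# Interface names and addresses are assumptions made for this example.
SAMPLE_RULES = """\
pass in quick on fxp0 inet proto tcp from any to 192.168.1.1 port = 1723 flags S/SA keep state
pass in quick on fxp0 inet proto gre from any to 192.168.1.1 keep state
pass in quick on fxp1 inet proto tcp from any to 203.0.113.10 port = 1723 flags S/SA keep state
pass in quick on fxp1 inet proto gre from any to 203.0.113.10 keep state
pass in quick on fxp2 inet proto tcp from any to 10.0.2.1 port = 1723 flags S/SA keep state
pass in quick on fxp2 inet proto gre from any to 10.0.2.1 keep state
pass in quick on ath0 inet proto tcp from any to 10.0.3.1 port = 1723 flags S/SA keep state
pass in quick on ath0 inet proto gre from any to 10.0.3.1 keep state
block in log quick on fxp1 from any to any
"""

# action, direction, then the interface after the first "on" keyword
_RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)\b.*?\bon\s+(?P<iface>\S+)\b(?P<rest>.*)$"
)


def parse_rule(line):
    """Return (action, direction, interface, proto, port), or None if the
    line does not look like a pf filter rule with an interface."""
    m = _RULE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    proto = re.search(r"\bproto\s+(\S+)", rest)
    port = re.search(r"\bport\s*=\s*(\d+)", rest)
    return (
        m.group("action"),
        m.group("dir"),
        m.group("iface"),
        proto.group(1) if proto else None,
        int(port.group(1)) if port else None,
    )


def is_pptp_rule(parsed):
    """PPTP needs TCP/1723 for the control channel and GRE for the tunnel."""
    _, _, _, proto, port = parsed
    return (proto == "tcp" and port == 1723) or proto == "gre"


def find_exposed_pptp(rule_text, allowed_ifaces):
    """List (iface, proto, port) for inbound PPTP pass rules on interfaces
    that are not in allowed_ifaces."""
    exposed = []
    for line in rule_text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        action, direction, iface, proto, port = parsed
        if (action == "pass" and direction == "in"
                and is_pptp_rule(parsed) and iface not in allowed_ifaces):
            exposed.append((iface, proto, port))
    return exposed


def main():
    # Only the wireless DMZ should be allowed to initiate PPTP in John's setup.
    findings = find_exposed_pptp(SAMPLE_RULES, allowed_ifaces={"ath0"})
    for iface, proto, port in findings:
        print(f"PPTP exposed on {iface}: proto={proto} port={port}")
    print(f"{len(findings)} unwanted PPTP pass rule(s)")


if __name__ == "__main__":
    main()
```

On a live box the rule text would come from `pfctl -sr` instead of the constructed sample; the check is read-only, so it is safe to run on a production firewall to confirm whether the hidden PPTP rules really are present on the WAN and other interfaces before deciding how to handle them.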
