Hello!
I've installed a PPTP server on my FreeBSD 4.10 firewall, which also has ipfilter 3.4.31. The idea is to allow people with the Micros~1 PPTP VPN client to connect from anywhere on the Internet and access a W2k server behind the firewall. So I added the following IPFilter rules:
pass in quick on dc0 proto gre from any to 194.126.106.106/32
pass out quick on dc0 proto gre from 194.126.106.106/32 to any
pass in log first quick on dc0 proto tcp \
from any to 194.126.106.106/32 port = 1723 flags S keep state

Everything seems to work correctly. But is there a way to make this ruleset more restrictive? Do I have to allow both gre and tcp/1723 from 'any'? Can I use 'keep state' with gre?
