
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
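# This module supports PPTP VPNs, as typically used by Microsoft and other
# tunneling software. For each configured host it accepts the PPTP control
# connection (TCP port 1723) and IP protocol 47 (GRE) traffic.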
#
# To install, copy this file to /etc/firewall-modules/public/services/
# 030-pptpvpn-hosts. Since VPN bandwidth use may be very high, it's 
# preferable to keep this module near the top. Execute rc.firewall with
# the --update-config parameter. This will add the new options to the 
# configuration file.
#
# References:
# http://poptop.lineo.com/
# http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2001-02-18  Dougal Holmes <dholmes@bigpond.net.au>
#             Fixed error in call to Option_Value
# 2001-02-15  Edwin ten Brink <edwin@privateer.student.utwente.nl>
#             Added a few cosmetic changes (v5.1 style)
# 2001-02-15  Dougal Holmes <dholmes@bigpond.net.au>
#             Initial module copied from ipsecvpn for v5.0.
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#n# pptpvpn
#a# accept
#t# hosts
#i# cluster
#m# 123
#
#   |--------------------------------------------------------------------|
#d# pptpvpn (Port 1723 TCP)
#d# Hostnames of other servers you'll be communicating with via an PPTP
#d# VPN. Entering a value here will also turn off route filtering (used 
#d# to prevent IP spoofing) on your pptp public interface(s).
#d# You must declare your VPN interface at the PUBLIC-INTERFACES!
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

# Module identity; all four values are read by the rule loop below.
module_name="pptpvpn"       # module name used in options
module_type="hosts"         # the module type (clients, servers, etc.)
service_name="PPTP VPN"     # displayed on-screen
service_port="1723"         # port number for this service

#-----------------------------------------------------------------------
# PoPToP VPN (Port 1723)
#-----------------------------------------------------------------------
# Appends ipchains ACCEPT rules for every host returned by Option_Value.
#
# Option_Value, INTERFACE, IPADDR, INCHAIN, OUTCHAIN, UNPRIVPORTS, LOG and
# LOG_MSG are not defined in this file; presumably the calling rc.firewall
# provides them -- confirm against the caller.
#
# NOTE(review): the module description says that setting this option also
# turns off route filtering on the interface. Nothing in this file does
# that, so it must happen elsewhere; anyone auditing anti-spoofing
# behaviour should locate that code as well.
#
# NOTE(review): every expansion below is unquoted and therefore word-split
# and glob-expanded by the shell. $LOG presumably relies on this (expanding
# to nothing or to an option) -- verify before adding quotes. Host values
# come from the configuration, so that file should be writable only by
# the administrator.

for HOST in `Option_Value accept $INTERFACE $module_name $module_type`
do
	# Progress line for the operator: one per accepted host.
	echo "Accept $INTERFACE $IPADDR $service_name <-> $HOST $LOG_MSG"
	# TCP: $HOST (source port in $UNPRIVPORTS) to $service_port on $IPADDR,
	# and the matching return direction. Only connections arriving at the
	# local port 1723 are covered; a connection from $IPADDR to port 1723
	# on $HOST is not matched by these two rules.
	ipchains -A $INCHAIN  -j ACCEPT -p tcp -s $HOST   $UNPRIVPORTS  -d $IPADDR $service_port $LOG
	# NOTE(review): this outbound rule has no `! -y`, so it also matches SYN
	# packets sent from local port 1723. Consider adding `! -y` if only
	# replies to established connections are intended.
	ipchains -A $OUTCHAIN -j ACCEPT -p tcp -s $IPADDR $service_port -d $HOST   $UNPRIVPORTS  $LOG

	# IP protocol 47 (GRE) in both directions. The rules match on the
	# address pair only, so all protocol-47 traffic between $HOST and
	# $IPADDR is accepted.
	ipchains -A $INCHAIN  -j ACCEPT -p 47 -s $HOST   -d $IPADDR $LOG
	ipchains -A $OUTCHAIN -j ACCEPT -p 47 -s $IPADDR -d $HOST   $LOG
done

