I have a VPN link for external user that I need to limit to one server / several ports and just looking if my line of thought is OK:
I need to create server binding interface in PPP, and then I use that port as an in interface, and allow forward to the specific local IP + ports, and block else.
Should I also block access to the router (input chain)?
Help much appreciated. (The system is live, so I am trying to be extra careful, haven't done this before.)