Firewall Script Help - WR31

Hello all. I am new to Digi as I have typically used Cradlepoint units prior, but it looks like there are more robust features in the Digi. So please excuse my ignorance.

But here is what I am looking to do…

1.) Allow all traffic from a specific WAN IP address as it comes into the Cellular interface to be allowed.
2.) Allow all PPTP Port 1723 Traffic from any IP via the Cellular interface. (Note, I have successfully configured and tested the PPTP Server on the WR31 using PPP 5)
3.) Block all internet traffic requests to the internet from the PPTP Clients (range
4.) Allow PPTP Clients to access a device via port 80 at ip address
5.) Block everything else.

My issue is that I have figured out items 1 and 2.

But I have only been able to fix item 3 by forcing an invalid DNS server via the PPTP Server (i.e. so nothing will resolve). But if the user knows the IP and does not need DNS, I would assume traffic would flow out, which is not good.

Also, whereas Item 1 I have working, it seems that PPTP Clients cannot connect to either my device at or the WR31 at and I cannot figure out why.

I am just looking for a little bit of firewall script help here as the syntax seems a bit cryptic to me.

Any help is appreciated.

in connection to point 3

if you want to block all traffic from

you would be better using a subnet to cover .17-31

block out break end on ppp1 from to any

as the source of the traffic would be in this subnet and this should not pass out of the PPP interface
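
An added example, not part of either post and not Digi code: it works out which single subnet covers a .17-.31 client pool, which extra address that subnet also matches, and the exact set of subnets if no extra address is acceptable. The 192.0.2.x prefix is constructed because the thread's addresses are missing, and writing the rule's source address in CIDR form is an assumption; the rule wording itself is copied from the reply.

```python
import ipaddress

# Rule form copied from the reply; only the source address is filled in.
# Assumption: the source address is written in CIDR notation.
RULE_TEMPLATE = "block out break end on ppp1 from {src} to any"

def covering_subnet(first, last):
    """Smallest single subnet containing every address from first to last."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("first address must not be above last address")
    # The leading bits shared by lo and hi give the prefix length.
    prefix = 32 - (int(lo) ^ int(hi)).bit_length()
    return ipaddress.ip_network(f"{lo}/{prefix}", strict=False)

def exact_cover(first, last):
    """CIDR blocks matching the range exactly, with no extra addresses."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return list(ipaddress.summarize_address_range(lo, hi))

def extra_addresses(first, last):
    """Addresses the single covering subnet matches outside the pool."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return [a for a in covering_subnet(first, last) if not lo <= a <= hi]

def block_rules(first, last, exact=False):
    """Render one block rule per subnet, using the reply's rule form."""
    nets = exact_cover(first, last) if exact else [covering_subnet(first, last)]
    return [RULE_TEMPLATE.format(src=n) for n in nets]

if __name__ == "__main__":
    # Constructed pool: 192.0.2.x (documentation range) stands in for the
    # thread's missing prefix; the .17-.31 host range is from the reply.
    first, last = "192.0.2.17", "192.0.2.31"
    print("single subnet:", covering_subnet(first, last))
    print("also matches :", [str(a) for a in extra_addresses(first, last)])
    print("one rule:")
    for rule in block_rules(first, last):
        print("  " + rule)
    print("exact rules:")
    for rule in block_rules(first, last, exact=True):
        print("  " + rule)
```

The single subnet also matches the .16 address, so anything else assigned there would be blocked along with the PPTP clients; the exact cover avoids that at the cost of four rules.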