Microsoft Knowledge Base Article 310111 contains the following summary:
This article describes how to configure packet filter support for PPTP VPN clients.
The Windows 2000 Routing and Remote Access service supports virtual private networking (VPN). A VPN client can use Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol (L2TP) and IP Security (IPSec) to create a secure tunnel to a Windows 2000-based Routing and Remote Access service VPN server and become a remote node on the private network.
A multihomed Routing and Remote Access service VPN server with an external interface that is connected directly to the Internet can take advantage of packet filtering to secure the internal network from external attacks. The best approach to configuring packet filters in a secure environment is to use the "least privilege" principal, in which all packets are dropped except for those that are explicitly allowed.