tech-security: Friewall rules for NAT w/ DHCP outside address

Subject: Friewall rules for NAT w/ DHCP outside address
To: None <tech-security@netbsd.org>
From: Sam Carleton <scarleton@miltonstreet.com>
List: tech-security
Date: 07/20/2001 19:15:26

My connection to the internet is via cable modem, ie DHCP.  So far I
have nat working fine, I just need to figure out how to configure the
ipfilter rules.  I am using
http://www.obfuscation.org/ipf/ipf-howto.html as my guide.  When it
talks about a rule like:

block in log quick on tun0 proto tcp from any to 20.20.20.0/24 port = 23

I simply want to block incoming port 23 to the tun0 interface, how do I
go about doing that?  For that matter, I would like to block ALL traffic
on tun0 of port 23.

Sam