Subject: Re: IPF Conf
To: NetBSD netbsd-help mailing list <netbsd-help@netbsd.org>
From: Julian Coleman <jdc@coris.org.uk>
List: netbsd-help
Date: 07/11/2003 11:58:01
> In ipf.conf I've got some rules which are about 30 to 50 lines long.
> Probably not configured properly but it's going in the right
> direction. I'm willing to admit that it's a mess. Which is why I've
> written in hoping that I can sort it out.
I take it that you've looked at the NetBSD documentation link that points
you to:
http://www.obfuscation.org/ipf/
?
> The rules look like this for a firewall box that is a dialup
> connection. ISDN card is ippp0 and the network card is ne2.
I've found that using groups makes my ipf rules much easier to create/follow.
I only do this by interface (you could get more complex), for example:
# Internal interface le0, addresses 81.2.110.32/27
# Default inbound is block and log everything
block return-icmp(filter-prohib) in log level local6.info on le0 from any to any head 110
# Allow any connections from our addresses
pass in quick from 81.2.110.32/27 to any keep state group 110
Also, I log to local6.info so I can separate the ipf logs from the others via:
# IPF logs
local6.* /var/log/ipflog
in /etc/syslog.conf
> Then I'd like to put in some rules to block out. There are times when
> I find that I need this. Would be good to know how to do it properly.
I'd say use a group here, starting with something like:
pass out on ippp0 from any to any head 150
or:
block out on ippp0 from any to any head 150
as defaults and add the other lines that you need.
> The part that has really caused a lot of problems for me is the pass
> out line at the bottom. Is it...
>
> pass out all
>
> Or, does it need to be something else ?
Not sure why this is causing you problems. Maybe using the groups will
solve it.
J
--
My other computer also runs NetBSD
http://www.netbsd.org/
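Added example, not part of Julian's reply or of IPFilter itself: a small POSIX shell script that writes an ipf.conf laid out the way the reply suggests (one default "head" rule per interface, with the allow rules attached via "group", covering both the inbound le0 case and the outbound ippp0 case), and then runs an awk check that every "group N" rule refers to a "head N" rule defined earlier in the file. The interface names and the 81.2.110.32/27 block are taken from the thread; the two outbound allow rules and the check itself are assumptions of this example, not something the post specifies.

```shell
#!/bin/sh
# Added example (not from the original post or from IPFilter): build a sample
# ipf.conf using per-interface groups, then verify head/group consistency.
# Interface names and addresses are taken from the thread as sample values;
# the outbound allow rules are constructed for illustration.

write_sample_conf() {
  cat > "$1" <<'EOF'
# Internal interface le0, addresses 81.2.110.32/27 (sample values)
# Default inbound is block and log everything
block return-icmp(filter-prohib) in log level local6.info on le0 from any to any head 110
# Allow any connections from our addresses
pass in quick from 81.2.110.32/27 to any keep state group 110
# Dialup interface ippp0: default outbound is block, then allow what is needed
block out log level local6.info on ippp0 from any to any head 150
pass out quick proto tcp from any to any port = 80 keep state group 150
pass out quick proto udp from any to any port = 53 keep state group 150
EOF
}

# Report every "group N" whose "head N" was not defined on an earlier line.
# Returns 0 when the file is consistent, 1 when any dangling group is found.
check_groups() {
  awk '
    # skip comments and blank lines
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    {
      for (i = 1; i <= NF; i++) {
        # record the head number this rule defines
        if ($i == "head" && i < NF) heads[$(i+1)] = NR
        # a group reference must point at a head seen earlier (or on this line)
        if ($i == "group" && i < NF && !($(i+1) in heads)) {
          printf "line %d: group %s has no earlier head\n", NR, $(i+1)
          bad = 1
        }
      }
    }
    END { exit bad ? 1 : 0 }
  ' "$1"
}

# Usage: write the sample file and check it; a non-zero exit means a rule
# would never match because its group has no head.
conf="${1:-/tmp/ipf_example_$$.conf}"
write_sample_conf "$conf"
check_groups "$conf" && echo "ok: all group references have a head"
```

Run it as "sh ipfcheck.sh /path/to/test.conf"; point check_groups at your real ipf.conf to catch rules that reference a group whose head rule was never written or was deleted during editing, since such rules are silently never reached.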