Subject: Re: Firewall rules for NAT w/ DHCP outside address
To: Sam Carleton <>
From: Manuel Bouyer <>
List: tech-security
Date: 07/21/2001 17:32:36

On Sat, Jul 21, 2001 at 04:25:25AM -0400, Sam Carleton wrote:
> gabriel,
> Thank you.  I have two more questions:
> 1:  I am a bit confused about dealing with the NAT/DHCP issue.  What has me
> stumped is that if I want to do a:
> block in log quick on tun0 proto tcp from any to <internal network> port = 23
> or
> block out log quick on tun0 proto tcp from <internal network> to any port = 23
> What do I put in for the internal network?  The IP is assigned via DHCP.  Is
> my only choice to use any?

Put the net/netmask of your internal network, e.g.

Manuel Bouyer <>