Subject: ipf rules for NAT with non-trusted private net
To: None <netbsd-help@netbsd.org>
From: Daniel Eggert <danieleggert@mac.com>
List: netbsd-help
Date: 11/18/2002 01:22:19
I'm running NAT and have a private subnet 192.168.0.0/24, but in contrast to the case usually described in the documentation, my private subnet is _not_ trusted.

My question: How should I set up my ipf rules for the NIC that connects the 192.168.0.0/24 network? I want to allow all traffic to my ISP, but nothing to my NetBSD box.

I have set up the rules to block all unwanted traffic coming in from my ISP. That part works like a charm.

Thanks in advance,

Daniel