Try it the other direction:
	pass out on ppp0 all keep state

--Michael

"Gwilym Evans" <meatgroup@dingoblue.net.au> writes:

> Heyas,
> 
> 	Must say I rather like NetBSD so far, just using (most) of the default
> setup for a nat through ppp router and I'm just wondering if the following
> is possible through ip filters (well, it is, I just don't know how :))
> 
> 	I'm currently using hosts.deny to tell anything incoming to get stuffed but
> of course the port itself still lies open. I'd like a way of making it seem
> like every port is closed to the outside world. I realise that some will be
> left in a filtered state due to nat sessions, that's ok. It's mainly for the
> low numbered service ports.
> 
> 	FYI- my LAN addys are 192.168.0.x and NIC if is le0. Needless to say my
> dialup if is ppp0 ;)
> 
> 	I tried 'block in quick on ppp0 all keep state' but um... I guess I'm a
> little off track. Had to disable/enable filtering to get my connectivity
> back :D
> 
> 	TIA,
> 	Gwilym.