Subject: Firewall rules for NAT w/ DHCP outside address
To: None <tech-security@netbsd.org>
From: Sam Carleton <scarleton@miltonstreet.com>
List: tech-security
Date: 07/20/2001 19:15:26
My connection to the internet is via cable modem, i.e. DHCP.  So far I
have NAT working fine; I just need to figure out how to configure the
ipfilter rules.  I am using
http://www.obfuscation.org/ipf/ipf-howto.html as my guide.  When it
talks about a rule like:

block in log quick on tun0 proto tcp from any to 20.20.20.0/24 port = 23

I simply want to block incoming port 23 to the tun0 interface, how do I
go about doing that?  For that matter, I would like to block ALL traffic
on tun0 of port 23.

Sam