Subject: Re: Firewall rules for NAT w/ DHCP outside address
To: Sam Carleton <scarleton@miltonstreet.com>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: tech-security
Date: 07/21/2001 02:03:23

On Fri, Jul 20, 2001 at 07:15:26PM -0400, Sam Carleton wrote:
> block in log quick on tun0 proto tcp from any to 20.20.20.0/24 port = 23
> 
> I simply want to block incoming port 23 to the tun0 interface, how do I
> go about doing that?  For that matter, I would like to block ALL traffic
> on tun0 of port 23.

Presuming you do want the tcp part included and understand (and
want) quick:

block in log quick on tun0 proto tcp from any to any port = 23

-- 
       ~ g r @ eclipsed.net
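
Added example, not part of the original message: a small Python model of how ipf evaluates the two rules in this thread, showing why the address-bound rule misses once DHCP hands out a different address and what `quick` changes. The parser covers only the syntax used here; the packet, its 192.0.2.77 address, the trailing "pass in all" rule and the default-pass verdict are assumptions made for illustration.

```python
import ipaddress

def parse_rule(text):
    """Parse only the subset of ipf syntax that appears in this thread."""
    tok = text.split()
    rule = {"action": tok[0], "dir": tok[1], "quick": "quick" in tok,
            "iface": None, "proto": None, "dst": None, "dport": None}
    if "on" in tok:
        rule["iface"] = tok[tok.index("on") + 1]
    if "proto" in tok:
        rule["proto"] = tok[tok.index("proto") + 1]
    if "to" in tok and tok[tok.index("to") + 1] != "any":
        rule["dst"] = ipaddress.ip_network(tok[tok.index("to") + 1])
    if "port" in tok:
        rule["dport"] = int(tok[tok.index("port") + 2])  # skip the "="
    return rule

def matches(rule, pkt):
    """True when every field the rule constrains agrees with the packet."""
    return (rule["dir"] == pkt["dir"]
            and rule["iface"] in (None, pkt["iface"])
            and rule["proto"] in (None, pkt["proto"])
            and (rule["dst"] is None
                 or ipaddress.ip_address(pkt["dst"]) in rule["dst"])
            and rule["dport"] in (None, pkt["dport"]))

def decide(ruleset, pkt):
    """ipf order: the last matching rule wins, but a matching quick rule stops the search."""
    verdict = "pass"  # assumption: ipf not built with default-block
    for rule in map(parse_rule, ruleset):
        if matches(rule, pkt):
            verdict = rule["action"]
            if rule["quick"]:
                break
    return verdict

# The two rules from the thread, plus constructed variants for comparison.
ORIGINAL = "block in log quick on tun0 proto tcp from any to 20.20.20.0/24 port = 23"
SUGGESTED = "block in log quick on tun0 proto tcp from any to any port = 23"
NO_QUICK = "block in log on tun0 proto tcp from any to any port = 23"
PASS_ALL = "pass in all"  # constructed later rule

# Constructed packet: inbound telnet to a DHCP-assigned address outside 20.20.20.0/24.
TELNET = {"dir": "in", "iface": "tun0", "proto": "tcp", "dst": "192.0.2.77", "dport": 23}

if __name__ == "__main__":
    for name, first in (("original", ORIGINAL), ("suggested", SUGGESTED), ("no quick", NO_QUICK)):
        print(f"{name:10} -> {decide([first, PASS_ALL], TELNET)}")
```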