On Tue, 14 Sep 2004, Pat Lashley wrote:

> --On Tuesday, September 14, 2004 20:59:43 -0400 "Eric W. Bates" <[EMAIL PROTECTED]>
> wrote:
>
> > It's a small store. Folks with broken computers bring the
> > machines in because "It doesn't work". They usually don't
> > know what is wrong with any given machine; and they try to
> > be careful (remove the hard drive and attempt to clean it
> > first); but eventually there is a need to put the machine
> > on line and try to update Norton's virus list.
>
> Before bringing it on-line, why not mount the disk on a FreeBSD
> machine and run ClamAV over all the files? It's not guaranteed
> to catch everything; but it should at least reduce the window.
>
> You could also consider setting it up so that the initial
> reconnection is on a separate cable going through a firewall
> that -only- allows the connections necessary to update the
> Norton virus list. Once it is updated, unplug it from the
> network, run the virus check, and only then plug it into
> your main LAN.
>

What about:

ipfw add allow tcp from evil/24 to any port 445 setup limit src-addr 4
ipfw add allow tcp from evil/24 to any port 139 setup limit src-addr 4

To limit the amount of evil connections, place above the regular
keep-state rule.

-- 
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem
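
The rule ordering suggested in the thread, as an added example that is not part of the original messages: a simplified Python model of first-match evaluation showing why the `limit src-addr 4` rules have to sit above the generic keep-state rule. It assumes ipfw drops a setup packet once the source already holds the limit of open states; the addresses and the event list are constructed.

```python
from collections import Counter

LIMIT = 4               # "limit src-addr 4" from the post
SMB_PORTS = {445, 139}  # ports named in the post


def evaluate(events, limit_first=True):
    """Count allowed/denied TCP setup packets per source address.

    events: ("open" | "close", src, dst, dport) tuples in arrival order.
    limit_first=True puts the limit rules above the generic keep-state
    rule; False models the reverse order, where keep-state matches first.
    """
    open_states = Counter()  # live dynamic states per source (limit rule)
    owned = set()            # flows whose state the limit rule created
    allowed, denied = Counter(), Counter()
    for kind, src, dst, dport in events:
        flow = (src, dst, dport)
        if kind == "close":
            if flow in owned:
                owned.remove(flow)
                open_states[src] -= 1
            continue
        if limit_first and dport in SMB_PORTS:
            if open_states[src] >= LIMIT:
                denied[src] += 1  # over the limit: setup packet dropped
                continue
            owned.add(flow)
            open_states[src] += 1
        allowed[src] += 1  # limit rule or keep-state rule accepted it
    return allowed, denied


# Constructed sample: one host sweeping port 445, one host behaving normally.
SCANNER, NORMAL = "192.0.2.10", "192.0.2.20"
SAMPLE = [("open", SCANNER, f"198.51.100.{i}", 445) for i in range(1, 11)]
SAMPLE += [("open", NORMAL, "198.51.100.1", 445),
           ("open", NORMAL, "198.51.100.2", 139)]

if __name__ == "__main__":
    for order in (True, False):
        ok, dropped = evaluate(SAMPLE, limit_first=order)
        print(f"limit rule first={order}: allowed={dict(ok)} dropped={dict(dropped)}")
```

With the limit rules first, the sweeping host gets four connections and the rest are dropped, while the normal host is unaffected; with the order reversed, every connection is accepted because the keep-state rule matches before the limit is consulted.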