On Tuesday 02 December 2003 10:24 am, John Gorentz wrote:
> Thanks for all the information on the status of virus and spam filtering at
> Another question: Are any of MSU's academic units running department- or
> building-level hardware firewalls these days, other than what can be done
> with routers? If so, what are people using and what are they trying to
> accomplish with them? It's not a very specific question because I don't
> have anything specific in mind yet, at least not anything that I'm willing
> to talk about. But I'm curious.
> John Gorentz
Political Science and LIR in South Kedzie have a firewall based on
OpenBSD, running the pf packet filter.
So far, we're blocking the MS "diseased" file sharing ports, both
incoming and outgoing. Since our fileservers are inside the firewall
and AFS access is done with OpenAFS, this has worked out well.
Our rules are evolving, but blocking the MS protocols (135, 137, 138,
139, 445, 593) is a good start.
--STeve Andre' (Political Science)