Re: pf.conf + Norton Antivirus -question
From: erik (erik_at_geenspam.vanwesten.net)
Date: 10/23/03
- Previous message: erik: "Re: vpn w/ pptp?"
- In reply to: pekka.niiranen: "pf.conf + Norton Antivirus -question"
- Next in thread: Pekka Niiranen: "Re: pf.conf + Norton Antivirus -question"
- Reply: Pekka Niiranen: "Re: pf.conf + Norton Antivirus -question"
Date: Thu, 23 Oct 2003 22:34:23 +0200
pekka.niiranen wrote:
> My current pf.conf is as follows:
> -----------
> EXT = "xl0"
> INT = "xl1"
> PRIVNETS = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
>
> # Options
> set block-policy drop
> set loginterface $EXT
>
> # clean fragmented and abnormal packets
> scrub in all
>
> # Nat
> nat on $EXT inet from $INT:network to any -> ($EXT)
>
> # Default block
> block all
>
> # Allow loopbacks
> pass quick on lo0 all
>
> # Block access to certain networks
> block drop in quick on $EXT from $PRIVNETS to any
> block drop out quick on $EXT from any to $PRIVNETS
>
> pass in on $INT from $INT:network to any keep state
> pass out on $INT from any to $INT:network keep state
>
> pass out on $EXT inet proto tcp all modulate state flags S/SA
> pass out on $EXT inet proto { udp, icmp } all keep state
> --------
>
> However, the Norton Antivirus Corporate Edition 4.1
> running in my PC (192.168.x.x) connected to INT gets its virus updates
> automatically from Virus server! The server uses "push" method to
> write new virus definitions to my hard disk. Ports it uses are:
>
> 38292 (TCP/UDP) Virus alarms
> 38293 (UDP) Virus updated at server end
> 38037 (TCP/UDP) Virus alarms
> 2967 (UDP) Virus updates at client end
>
> What am I missing in my pf.conf? Some port range default
> setting or what? I would like to stop that "push" coming thru
> and update manually by myself.
>
> -pekka-
Are you really 100% sure that your virus scanner is not getting the
updates itself? Check your firewall logs.
EJ
-- Remove the obvious part (including the dot) for my email address. http://www.vanwesten.net for examples of ipf and pf.
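
One way to act on the suggestion to check the firewall logs, as an added example that is not part of the original thread: a Python script that reads pflog-style output and reports which side opened each flow on the Norton ports listed in the question. It assumes the relevant pf rules carry the `log` keyword so that matches reach pflog0; the log lines, addresses and rule numbers are constructed, and `classify` is a hypothetical name.

```python
import re
from collections import Counter

# Ports listed in the question for Norton Antivirus Corporate Edition.
NAV_PORTS = {38292, 38293, 38037, 2967}
INT_IF, EXT_IF = "xl1", "xl0"  # interface names from the posted pf.conf

# Constructed sample lines, modelled on `tcpdump -n -e -i pflog0` output.
# Addresses are placeholders; the exact format varies between pf versions.
SAMPLE_LOG = """\
rule 6/0(match): pass in on xl1: 192.168.1.10.1045 > 192.0.2.20.2967: udp 64
rule 6/0(match): pass in on xl1: 192.168.1.10.1046 > 192.0.2.20.38293: udp 32
rule 1/0(match): block in on xl0: 192.0.2.20.4000 > 198.51.100.7.38037: udp 48
rule 6/0(match): pass in on xl1: 192.168.1.10.1050 > 192.0.2.53.53: udp 40
"""

LINE_RE = re.compile(
    r"rule \d+/\d+\(match\): (?P<action>pass|block) (?P<dir>in|out) "
    r"on (?P<ifc>\S+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def classify(log_text):
    """Count who opened each flow touching a Norton port, and pf's verdict."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a pflog match line
        if not {int(m["sport"]), int(m["dport"])} & NAV_PORTS:
            continue  # unrelated traffic, e.g. DNS
        # With plain `log` on a keep state rule, only the packet that creates
        # the state is logged, so "in on <interface>" names the initiator.
        if m["dir"] == "in" and m["ifc"] == INT_IF:
            origin = "client-initiated"
        elif m["dir"] == "in" and m["ifc"] == EXT_IF:
            origin = "server-initiated"
        else:
            origin = "other"
        counts[(origin, m["action"])] += 1
    return counts

if __name__ == "__main__":
    for (origin, action), n in sorted(classify(SAMPLE_LOG).items()):
        print(f"{origin:17} {action:5} {n}")
```

Entries counted as client-initiated and passed mean the PC is fetching updates itself through the `pass in on $INT ... keep state` rule, rather than the server pushing them in through `$EXT`.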