JW> Summer is over. School is back in session. The 4,500 students behind my
JW> OpenBSD 3.5 pf firewall are mostly settled into their dorm rooms. My
JW> nightmare begins. A single Blaster infection can spray out thousands of
JW> connections in seconds. One sad day, I had to reboot my firewall three or
JW> four times before we could identify and disconnect the offending
JW> student(s).
Hmm... what about just

    block in quick proto tcp from any to any port {135, 137, 445}

Works fine for me.
Ilya A. Kovalenko