
ntp + pf



hello,

my /etc/pf.conf is a la FAQ, now i was wondering
(and i have null experience with firewalls yet)
does ntp need its port 123 tcp/udp to be open?
or does the keep state thingy take care of that
(lines 11-12)?

ntp doesn't complain (loudly), and i am a little
bit confused.  i started wondering because the last
log is from 26. apr. and only after the reboot process:

Apr 26 21:19:16 z ntpd[21909]: ntpd 4.1.72@1.762-r Wed Apr 10 03:43:15 MDT 2002 (1)
Apr 26 21:19:17 z ntpd[21909]: kernel time discipline status 0040
Apr 26 21:24:01 z ntpd[21909]: time reset 90.093277 s
Apr 26 21:24:01 z ntpd[21909]: kernel time discipline status change 41


/etc/pf.conf
--------------------------------
ext_if=xl0

scrub in all

block  in on $ext_if all

pass   in on $ext_if inet proto tcp from any to any port 22 keep state
pass   in on $ext_if inet proto tcp from any to any port 80 keep state

block out on $ext_if                 all
pass  out on $ext_if inet proto tcp  all flags S/SA keep state
pass  out on $ext_if inet proto udp  all            keep state
# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pass  out on $ext_if inet proto icmp all            keep state
---------

-- 
oh no, not deja-vu again.  oh no, not deja-vu again.
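The ruleset above, annotated for how pf handles the NTP traffic, as an added example that is not part of the original post. It keeps the poster's rules and explicit `keep state` (as pf required in that era) and only adds comments plus one commented-out, optional rule; the interface name is the poster's, while the `ntp_clients` network is an assumed placeholder.

```pf
# Added example, not the poster's file: the same rules with comments on how
# NTP is handled. The optional server rule and its network are assumptions.
ext_if=xl0

scrub in all

block in on $ext_if all

pass in on $ext_if inet proto tcp from any to any port 22 keep state
pass in on $ext_if inet proto tcp from any to any port 80 keep state

block out on $ext_if all
pass out on $ext_if inet proto tcp all flags S/SA keep state

# ntpd acting as a client sends UDP from local port 123 to the server's
# port 123. This rule passes the query and creates a state entry; the
# server's reply is matched by that state and let back in before the
# "block in" rule is consulted, so a client-only host needs no inbound
# port 123 rule.
pass out on $ext_if inet proto udp all keep state
pass out on $ext_if inet proto icmp all keep state

# Only if this host is meant to SERVE time to other machines must port 123
# be opened inbound. Limiting it to the networks that need it keeps the
# exposed surface small (assumed example network from RFC 5737).
# ntp_clients="{ 192.0.2.0/24 }"
# pass in on $ext_if inet proto udp from $ntp_clients to any port 123 keep state
```

To check that the state mechanism is doing its job rather than guessing from a quiet log, `pfctl -ss` lists the active state entries, and the UDP states created by outgoing NTP queries show up there with port 123 on both ends; `ntpq -p` shows, in its `reach` column, whether replies from each configured server are actually arriving.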