Re: ntp + pf
You should be fine, unless you want the rest of the world to
access your NTP server (which you don't).
To confirm, run ntpq -p to see what ntpd thinks of its peers.
On Mon, Apr 29, 2002 at 08:16:59PM +0200, fransoa holop wrote:
> my /etc/pf.conf is a la FAQ, now i was wondering
> (and i have null experience with firewalls yet)
> does ntp need its port 123 tcp/udp to be open?
> or does the keep state thingy take care of that
> (line 11-12)?
> ntp doesn't complain (loudly), and i am a little
> bit confused. i started wondering because the last
> log is from 26. apr. and only after the reboot process:
> Apr 26 21:19:16 z ntpd: ntpd email@example.com Wed Apr 10 03:43:15 MDT
> Apr 26 21:19:17 z ntpd: kernel time discipline status 0040
> Apr 26 21:24:01 z ntpd: time reset 90.093277 s
> Apr 26 21:24:01 z ntpd: kernel time discipline status change 41
> scrub in all
> block in on $ext_if all
> pass in on $ext_if inet proto tcp from any to any port 22 keep state
> pass in on $ext_if inet proto tcp from any to any port 80 keep state
> block out on $ext_if all
> pass out on $ext_if inet proto tcp all flags S/SA keep state
> pass out on $ext_if inet proto udp all keep state
> # ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> pass out on $ext_if inet proto icmp all keep state
> oh no, not deja-vu again. oh no, not deja-vu again.
[demime 0.98d removed an attachment of type application/pgp-signature]
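
Added example (not part of the original thread, and not pf's own code): a simplified Python model of the quoted ruleset, showing why the outbound UDP "keep state" rule lets NTP replies back in while unsolicited inbound UDP to port 123 stays blocked. It ignores scrub and the TCP flags match, and all addresses are constructed sample values.

```python
# Simplified model of the quoted pf.conf (added example, not pf itself).
# Assumptions: one interface; "scrub" and "flags S/SA" are ignored;
# all addresses below are constructed sample values.
from collections import namedtuple

Pkt = namedtuple("Pkt", "direction proto src sport dst dport")
Rule = namedtuple("Rule", "action direction proto dport keep_state")

RULES = [  # same order as the quoted ruleset
    Rule("block", "in", None, None, False),
    Rule("pass", "in", "tcp", 22, True),
    Rule("pass", "in", "tcp", 80, True),
    Rule("block", "out", None, None, False),
    Rule("pass", "out", "tcp", None, True),
    Rule("pass", "out", "udp", None, True),   # the line marked ^^^^ in the mail
    Rule("pass", "out", "icmp", None, True),
]

class Filter:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # flows created by "keep state"

    @staticmethod
    def _flow(p):
        # Direction-independent key so a reply matches its request's state.
        return (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))

    def check(self, p):
        if self._flow(p) in self.states:
            return "pass (state)"  # state lookup happens before the ruleset
        verdict = None
        for r in self.rules:  # without "quick", the last matching rule wins
            if (r.direction == p.direction and r.proto in (None, p.proto)
                    and r.dport in (None, p.dport)):
                verdict = r
        if verdict is not None and verdict.action == "block":
            return "block"
        if verdict is not None and verdict.keep_state:
            self.states.add(self._flow(p))
        return "pass"  # pf passes by default when no rule matches

def demo():
    f = Filter(RULES)
    host, server, stranger = "192.0.2.10", "198.51.100.5", "203.0.113.7"
    return [
        f.check(Pkt("out", "udp", host, 123, server, 123)),   # our NTP query
        f.check(Pkt("in", "udp", server, 123, host, 123)),    # server's reply
        f.check(Pkt("in", "udp", stranger, 123, host, 123)),  # unsolicited
    ]
```

demo() returns the verdicts for the host's own NTP query, the matching reply, and an unsolicited inbound NTP packet, in that order.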