Date:      Thu, 16 May 2002 15:52:49 -0400
From:      "Peter C. Lai" <sirmoo@cowbert.2y.net>
To:        Tom Wang <wysxs@hotmail.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: ipfw udp dynamic rule don't work ?
Message-ID:  <20020516155249.A13879@cowbert.2y.net>
In-Reply-To: <OE61Nm3y8VhFexoFZzA0000fa08@hotmail.com>; from wysxs@hotmail.com on Thu, May 16, 2002 at 03:23:59PM -0700
References:  <OE61Nm3y8VhFexoFZzA0000fa08@hotmail.com>

I have a suspicion as to this causing ntp issues on my machine too.
Every once in a while, ntpd loses the line discipline for no
reason. This doesn't happen when I disable ipfw totally.

On Thu, May 16, 2002 at 03:23:59PM -0700, Tom Wang wrote:
> Hi, all
> 
> I have a problem when I configure ipfw on my FreeBSD 4.5 box. The firewall rules are as follows:
> 
> allow tcp from any to any established                  
> allow ip from any to any frag                  
> ......        
> check-state                                            
> allow tcp from ${oip} to any keep-state      
> allow udp from ${oip} to any keep-state  
> 
> The box can't synchronize with any NTP servers. I think "keep-state" keeps a small time window in which it allows UDP packets coming back from the NTP server, but it doesn't seem to work.
> 
> Must I add the following rules to my firewall ruleset? And why?
> 
> allow udp from ${oip} to any 123
> allow udp from any 123 to ${oip}
> or 
> allow udp from ${oip} to any 123 keep-state 
> (this rule should be the same as "allow udp from ${oip} to any keep-state")
> 
> Thanks in advance.
> 
> Tom
> 

-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
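
A simplified model of the `check-state` / `allow udp from ${oip} to any keep-state` pair quoted above, added here as an illustration; it is not part of either poster's message and is not ipfw's code. It shows which NTP packets a dynamic UDP rule would pass. The addresses, the 10-second lifetime and the final deny are constructed assumptions.

```python
"""Simplified model of ipfw check-state / keep-state for UDP (not ipfw code)."""
from dataclasses import dataclass

LIFETIME = 10           # seconds; constructed value, not a verified ipfw default
OIP = "192.0.2.10"      # constructed stand-in for ${oip}
NTP = "198.51.100.1"    # constructed NTP server address


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Firewall:
    def __init__(self, oip, lifetime=LIFETIME):
        self.oip, self.lifetime = oip, lifetime
        self.dynamic = {}   # flow key -> expiry time

    def filter_udp(self, p, now):
        # Direction-independent key, so a reply maps to the query's entry.
        key = frozenset([(p.src, p.sport), (p.dst, p.dport)])
        # check-state: a live dynamic rule passes either direction and is refreshed.
        if self.dynamic.get(key, 0) > now:
            self.dynamic[key] = now + self.lifetime
            return "allow (check-state)"
        self.dynamic.pop(key, None)   # drop the expired entry, if any
        # allow udp from ${oip} to any keep-state: outbound packet installs state.
        if p.src == self.oip:
            self.dynamic[key] = now + self.lifetime
            return "allow (keep-state)"
        return "deny"       # assumption: nothing else in the ruleset matches


def demo():
    fw = Firewall(OIP)
    query = Packet(OIP, 123, NTP, 123)
    reply = Packet(NTP, 123, OIP, 123)
    stray = Packet("198.51.100.2", 123, OIP, 123)   # constructed second host
    return [
        fw.filter_udp(query, now=0),    # outbound query creates the dynamic rule
        fw.filter_udp(reply, now=1),    # reply inside the window
        fw.filter_udp(reply, now=30),   # same reply after the entry expired
        fw.filter_udp(stray, now=31),   # UDP from a host never contacted
    ]


if __name__ == "__main__":
    print(demo())
```
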

