Date:      Fri, 21 Mar 2014 17:10:47 -0700
From:      "Ronald F. Guilmette" <rfg@tristatelogic.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: NTP security hole CVE-2013-5211?
Message-ID:  <53019.1395447047@server1.tristatelogic.com>
In-Reply-To: <532CC8CF.4030508@elischer.org>


In message <532CC8CF.4030508@elischer.org>, 
Julian Elischer <julian@elischer.org> wrote:

>You can't use this list because the members of the pool change over time.

Yes.  I've understood that now.  Thank you.

>You need the following rules placed in the correct places in your ruleset.
>
>check-state
>  and
>allow udp from me to any 123 out via ${oif} keep-state.

I've implemented this now, and it seems to be working great.

My sincere thanks to everyone who stepped forward to help.


Regards,
rfg
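
An added example, not part of the original message or thread: a heuristic audit of `ipfw list` output for the rule placement described above. The interface name `em0`, the rule numbers and both sample rulesets are constructed, and the extra check for a stateless inbound port-123 accept is an assumption about what else is worth flagging.

```shell
#!/bin/sh
# Heuristic text audit of `ipfw list` output read from stdin. It matches
# rule text only; it does not evaluate the ruleset the way the kernel does.
audit_ntp_rules() {
    awk '
    { n = $1 + 0 }                       # rule number, e.g. "01000" -> 1000
    $2 == "check-state" && !cs { cs = n }
    # The outbound NTP query rule from the thread, with keep-state.
    /allow udp from me to any (dst-port )?123 .*keep-state/ && !ks { ks = n }
    # First deny that would drop an NTP reply if no state matched earlier.
    /deny .*(ip|udp) from any to (any|me)/ && !dn { dn = n }
    # Stateless accept of inbound NTP: any host can query the local ntpd.
    /allow udp from any to (any|me) (dst-port )?123( |$)/ && !/keep-state/ {
        printf "FAIL rule %05d accepts unsolicited inbound NTP\n", n; bad = 1
    }
    END {
        if (!ks) { print "FAIL no outbound NTP keep-state rule"; bad = 1 }
        if (!cs) { print "FAIL no check-state rule"; bad = 1 }
        else if (dn && cs > dn) {
            printf "FAIL check-state %05d comes after deny %05d\n", cs, dn
            bad = 1
        }
        if (!bad) print "OK"
        exit bad + 0
    }'
}

# Constructed samples in `ipfw list` format (em0 is an assumed interface).
GOOD='00100 allow ip from any to any via lo0
01000 check-state
01100 allow udp from me to any dst-port 123 out via em0 keep-state
65000 deny ip from any to any'

BAD='00100 allow ip from any to any via lo0
01100 allow udp from me to any dst-port 123 out via em0
01200 allow udp from any to me dst-port 123 in via em0
65000 deny ip from any to any'

printf '%s\n' "$GOOD" | audit_ntp_rules
printf '%s\n' "$BAD"  | audit_ntp_rules || true
```

On a live host, run `ipfw list | audit_ntp_rules`; `ipfw -d show` additionally lists the dynamic rules that keep-state has created.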


