Date: Thu, 16 May 2002 15:52:49 -0400
From: "Peter C. Lai" <sirmoo@cowbert.2y.net>
To: Tom Wang <wysxs@hotmail.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw udp dynamic rule don't work ?
Message-ID: <20020516155249.A13879@cowbert.2y.net>
In-Reply-To: <OE61Nm3y8VhFexoFZzA0000fa08@hotmail.com>; from wysxs@hotmail.com on Thu, May 16, 2002 at 03:23:59PM -0700
References: <OE61Nm3y8VhFexoFZzA0000fa08@hotmail.com>

I have a suspicion as to this causing ntp issues on my machine too.
Every once in a while, ntpd loses the line discipline for no reason.
This doesn't happen when I disable ipfw totally.

On Thu, May 16, 2002 at 03:23:59PM -0700, Tom Wang wrote:
> Hi, all
>
> I have a problem when I config ipfw on my Freebsd4.5 Box. the firewall rules as following,
>
> allow tcp from any to any established
> allow ip from any to any frag
> ......
> check-state
> allow tcp from ${oip} to any keep-state
> allow udp from ${oip} to any keep-state
>
> The box can't synchronize with any ntp servers. I think, "keep-state" can keeps a small time window where it allows udp packets come back that comes from ntp
> server. but, it seems don't work.
>
> I must add following rules in my firewall ruleset ? and why?
>
> allow udp from {oip} to any 123
> allow udp from any 123 to {oip}
> or
> allow udp from {oip} to any 123 keep-state
> ( this rule should as same as "allow udp from ${oip} to any keep-state" )
>
> Thanks in advance.
>
> Tom
>

--
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message