Date: Mon, 9 Nov 2020 10:54:42 -0500 From: Paul Mather <paul@gromit.dlib.vt.edu> To: freebsd@tango.lu Cc: freebsd-stable@freebsd.org Subject: Re: FreeBSD disable any automated outgoing connections Message-ID: <E6CAAC96-FC6F-4041-8207-F2711CA4CD9A@gromit.dlib.vt.edu> In-Reply-To: <06ef76eeff11b6bd6c0964dbf8256d40@tango.lu>
index | next in thread | previous in thread | raw e-mail
On Nov 2, 2020, at 2:15 AM, freebsd@tango.lu wrote: > Hello, > > I have these connections 4-5 am in the morning going to bytemark, cloudfare and other cloud providers: > > - Connections 2.0 - Payload 5.0k - > Ports | Sources | Destinations | Services | Protocols | States | > 443 100.0% | 192.168.1.5#1 100.0% | 104.16.45.99#2 50.0% | - 100.0% | 6 100.0% | SHR 100.0% | > | | 104.16.44.99#3 50.0% | | | | > This is likely to be the /etc/periodic/daily/480.leapfile-ntpd daily periodic job. It checks for an updated NTP leapfile from $ntp_leapfile_sources. This periodic job defaults to "YES" in /etc/defaults/rc.conf and the default for $ntp_leapfile_sources is "https://www.ietf.org/timezones/data/leap-seconds.list". A current DNS lookup of www.ietf.org shows it uses the Cloudflare CDN. > This machine is an IDS it should never make outgoing connections ever. How to disable this? You might set "daily_ntpd_leapfile_enable=NO" in your local periodic.conf file to override the default. Alternatively, if you have a strict rule that the machine should not initiate any outbound connections, you could add a firewall rule dropping any such traffic originating there (i.e., not belonging to an established connection) going out on the external ("WAN") interface. Cheers, Paul.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E6CAAC96-FC6F-4041-8207-F2711CA4CD9A>