Date: Mon, 9 Nov 2020 10:54:42 -0500
From: Paul Mather <paul@gromit.dlib.vt.edu>
To: freebsd@tango.lu
Cc: freebsd-stable@freebsd.org
Subject: Re: FreeBSD disable any automated outgoing connections
Message-ID: <E6CAAC96-FC6F-4041-8207-F2711CA4CD9A@gromit.dlib.vt.edu>
In-Reply-To: <06ef76eeff11b6bd6c0964dbf8256d40@tango.lu>
References: <06ef76eeff11b6bd6c0964dbf8256d40@tango.lu>
On Nov 2, 2020, at 2:15 AM, freebsd@tango.lu wrote:

> Hello,
>
> I have these connections 4-5 am in the morning going to bytemark, Cloudflare and other cloud providers:
>
> - Connections 2.0 - Payload 5.0k -
> Ports | Sources | Destinations | Services | Protocols | States |
> 443 100.0% | 192.168.1.5#1 100.0% | 104.16.45.99#2 50.0% | - 100.0% | 6 100.0% | SHR 100.0% |
> | | 104.16.44.99#3 50.0% | | | |
>

This is likely to be the /etc/periodic/daily/480.leapfile-ntpd daily periodic job. It checks for an updated NTP leapfile from $ntp_leapfile_sources. This periodic job defaults to "YES" in /etc/defaults/rc.conf and the default for $ntp_leapfile_sources is "https://www.ietf.org/timezones/data/leap-seconds.list". A current DNS lookup of www.ietf.org shows it uses the Cloudflare CDN.

> This machine is an IDS it should never make outgoing connections ever. How to disable this?

You might set "daily_ntpd_leapfile_enable=NO" in your local periodic.conf file to override the default.

Alternatively, if you have a strict rule that the machine should not initiate any outbound connections, you could add a firewall rule dropping any such traffic originating there (i.e., not belonging to an established connection) going out on the external ("WAN") interface.

Cheers,

Paul.
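Added example, not part of the original message: one way to express the firewall approach described above as a pf(4) ruleset. The choice of pf, the interface name em0, the management network 192.168.1.0/24 and the inbound SSH rule are assumptions made for illustration; the thread does not say which firewall or interfaces the machine uses.

```conf
# /etc/pf.conf -- constructed example for an IDS host that must never
# initiate outbound connections. Names and addresses below are assumptions.

ext_if   = "em0"              # assumed external ("WAN") interface
mgmt_net = "192.168.1.0/24"   # assumed network allowed to manage the host

# Leave loopback traffic alone.
set skip on lo0

# Default deny inbound.
block in all

# Drop and log every packet leaving $ext_if that does not belong to an
# existing state entry, i.e. every connection this host tries to start.
# Logged packets appear on pflog0:  tcpdump -n -e -ttt -i pflog0
block out log on $ext_if all

# Inbound management access. "keep state" creates a state entry, and
# packets that match a state entry bypass the ruleset, so replies on this
# connection still go out even though nothing above passes outbound traffic.
pass in on $ext_if inet proto tcp from $mgmt_net to ($ext_if) port 22 \
    flags S/SA keep state

# Deliberately no "pass out" rule.
#
# Side effects to expect: DNS lookups, ntpd time synchronisation,
# freebsd-update and pkg fetches started on this host are dropped too.
#
# The 480.leapfile-ntpd job will still run and its fetch will fail and be
# logged here; the periodic.conf override suggested in the message above
# stops the attempt itself.
#
# Syntax check before loading:  pfctl -nf /etc/pf.conf
# Enable at boot in /etc/rc.conf:  pf_enable="YES"  pflog_enable="YES"
```

The log keyword on the outbound block rule doubles as a detection point: any entry on pflog0 identifies a local process that tried to connect out.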
