Date:      Fri, 21 Mar 2014 17:10:47 -0700
From:      "Ronald F. Guilmette" <rfg@tristatelogic.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: NTP security hole CVE-2013-5211?
Message-ID:  <53019.1395447047@server1.tristatelogic.com>
In-Reply-To: <532CC8CF.4030508@elischer.org>



In message <532CC8CF.4030508@elischer.org>, 
Julian Elischer <julian@elischer.org> wrote:

>>> 50.116.38.157
>>> 69.50.219.51
>>> 69.55.54.17
>>> 69.167.160.102
>>> 108.61.73.244
>>> 129.250.35.251
>>> 149.20.68.17
>>> 169.229.70.183
>>> 192.241.167.38
>>> 199.7.177.206
>>> 209.114.111.1
>>> 209.118.204.201
>
>You can't use this list because the members of the pool change over time.

Yes.  I've understood that now.  Thank you.

>you need the following rules placed in the correct places in your ruleset.
>
>check-state
>  and
>allow udp from me to any 123 out via ${oif} keep-state.

I've implemented this now, and it seems to be working great.

My sincere thanks to everyone who stepped forward to help.


Regards,
rfg
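
The two rules quoted above, placed in ruleset order, as an added example that is not part of the original message. The interface name `em0`, the rule numbers, the explicit deny rule and the `state_before_deny` helper are assumptions made for illustration; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: stateful NTP client rules for ipfw, in the order they must
# appear. Assumed values (not from the thread): em0, rule numbers 1000-1200,
# the deny rule, and the helper names.
oif="${OIF:-em0}"
# Dry run by default. On a FreeBSD host, set FWCMD="/sbin/ipfw -q" to load.
fwcmd="${FWCMD:-echo ipfw}"

ntp_client_rules() {
    # 1. Consult dynamic state first, so replies to this host's own NTP
    #    queries are accepted before any deny rule is reached.
    ${fwcmd} add 1000 check-state
    # 2. Outbound queries create the dynamic state that rule 1000 matches.
    ${fwcmd} add 1100 allow udp from me to any 123 out via "${oif}" keep-state
    # 3. Anything else arriving on UDP 123 is unsolicited and is dropped,
    #    so the pool's changing addresses never need to be listed.
    ${fwcmd} add 1200 deny udp from any to me 123 in via "${oif}"
}

# Reads rule lines on stdin (for example the dry-run output above) and
# returns 0 only if check-state appears before the first deny for UDP 123.
state_before_deny() {
    awk '
        /check-state/ && !cs                       { cs = NR }
        /deny/ && /udp/ && / 123( |$)/ && !dn      { dn = NR }
        END { exit !(cs && (!dn || cs < dn)) }
    '
}

ntp_client_rules
```

If the deny rule is numbered lower than `check-state`, the server's replies are dropped and the client never synchronises, which is what `state_before_deny` guards against.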

