Date: Mon, 25 Mar 2002 21:00:02 +0200
From: Giorgos Keramidas
To: Nikolaus Hiebaum
Cc: freebsd-questions@freebsd.org
Subject: Re: firewall & ntpdate
Message-ID: <20020325190001.GA14251@hades.hell.gr>

On 2002-03-25 13:52, Nikolaus Hiebaum wrote:
>
> 1) deals with firewall(s): I wanted to use my OpenBSD firewall (ipf based)
> on my FreeBSD box, but it appears the syntax doesn't fit.

Although FreeBSD has ipfilter, it's not compiled into the kernel by
default.  You have to rebuild your kernel with the IPFILTER option.

> So, instead I am using ipfw.rules, and I'm using the sample script as
> found in the FreeBSD handbook. It works all right, but how can I reload
> a new ruleset. I use ipfw -f flush, but this does not seem to reload a new
> ruleset.

First "flush" deleting all the old craft, and then load the rules from
your rule file:

	# ipfw flush
	# ipfw -f /path/to/file

> 2) Time Synchronization:
> ntpdate -d -u -v 129.6.15.28
>
> results in "no server suitable for synchronization found". Any ideas?

You've blocked NTP.  You need to open udp port 123.  Here's the relevant
rule from my /etc/ipfw.rules file:

	# grep 123 /etc/ipfw.rules
	add allow udp from any to any 123 keep-state out

Giorgos Keramidas    FreeBSD Documentation Project
keramida@{freebsd.org,ceid.upatras.gr}    http://www.FreeBSD.org/docproj/
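
Added example, not part of the original message: a small sh/awk check that reads an ipfw rules file and prints the first rule that would decide an outbound UDP packet to port 123, which is the question behind the "no server suitable for synchronization found" symptom. The function names, the interface name em0 and the sample ruleset are constructed for illustration, and the matching is a simplification that only understands the plain `add ... from any|me to DST [ports]` form.

```sh
#!/bin/sh
# Added example, not from the original message: print the first rule (file
# order, assumed equal to rule-number order) that decides a local UDP packet to
# port 123. Understood: add [num] ACTION [log] PROTO from any|me to DST [ports] [opts]
ntp_verdict() {   # usage: ntp_verdict RULES_FILE|- NTP_SERVER_IP OUT_INTERFACE
    awk -v server="$2" -v ifc="$3" '
    function port_ok(spec,    n, k, parts, r) {
        n = split(spec, parts, ",")
        for (k = 1; k <= n; k++) {
            if (split(parts[k], r, "-") == 2) {
                if (r[1] + 0 <= 123 && 123 <= r[2] + 0) return 1
            } else if (parts[k] == "123") return 1
        }
        return 0
    }
    $1 != "add" { next }                      # comments and blank lines
    {
        i = 2
        if ($i ~ /^[0-9]+$/) i++              # optional rule number
        if ($i ~ /^(allow|accept|pass|permit)$/) verdict = "allow"
        else if ($i ~ /^(deny|drop|reject)$/) verdict = "deny"
        else next                             # check-state, count and others
        i++
        if ($i == "log") i++
        if ($i !~ /^(udp|ip|all)$/) next      # other protocols cannot match
        i++
        if ($i != "from" || $(i+1) !~ /^(any|me)$/ || $(i+2) != "to") next
        dst = $(i+3); i += 4
        if (dst != "any" && dst != server) next
        if (i <= NF && $i ~ /^[0-9]/) { if (!port_ok($i)) next; i++ }
        for (; i <= NF; i++) {
            if ($i == "in" || $i == "recv") next          # not an outbound match
            if (($i == "via" || $i == "xmit") && $(i+1) != ifc) next
        }
        print verdict " line " NR ": " $0
        found = 1; exit
    }
    END { if (!found) print "no-match: the default rule decides" }
    ' "$1"
}

# Constructed sample ruleset containing the rule quoted in the message.
sample_rules() {
    printf '%s\n' 'add 100 allow ip from any to any via lo0' \
        'add 200 check-state' \
        'add 300 allow udp from any to any 123 keep-state out' \
        'add 65000 deny log ip from any to any'
}
sample_rules | ntp_verdict - 129.6.15.28 em0
```

A "deny" or "no-match" result for the ruleset in use points at the firewall rather than at the NTP server.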