iptables and ntp (SOLVED)

Sam Kuper sam.kuper at uclmail.net
Sun Nov 2 00:07:32 UTC 2008


OK, I've solved this now, with some degree of trial and error, combined with
reading the logs. I've included the changed rules below. If anyone notices a
glaring error in what I've done, please let me know!

2008/11/1 Sam Kuper <sam.kuper at uclmail.net>

> [...] I am having some trouble with ntp and iptables. [...]
> Here is my iptables ruleset (which is based on the one Michael Rash
> provides in his book Linux Firewalls):
>
> ### ACCEPT rules
> $IPTABLES -A INPUT -i eth0 -p tcp --dport 22 --syn -m state --state NEW -j
> ACCEPT
> $IPTABLES -A INPUT -i eth0 -p udp --sport 123 -m state --state
> NEW,ESTABLISHED -j ACCEPT # SPK for ntpd
> $IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
>

Second line should have been:
$IPTABLES -A INPUT -p udp --dport 123 -m state --state NEW -j ACCEPT


> ### anti-spoofing rules
> $IPTABLES -A OUTPUT -s ! $INT_NET -j LOG --log-prefix "SPOOFED PKT "
> $IPTABLES -A OUTPUT -s ! $INT_NET -j DROP
>

Inserted new rule in front of the two above:
$IPTABLES -A OUTPUT -s 127.0.0.1 -j ACCEPT

Hope this helps someone,

Sam
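As an added example, not part of Sam's post, the following POSIX shell script audits an iptables-save style dump for the two problems identified above: no INPUT rule accepting UDP to destination port 123, and the OUTPUT anti-spoofing LOG/DROP pair placed ahead of any loopback ACCEPT. The two dumps, the 192.168.1.0/24 network standing in for $INT_NET and the function names are constructed for this example.

```shell
#!/bin/sh
# Constructed dump modelled on the corrected ruleset from the post.
# 192.168.1.0/24 is a placeholder for $INT_NET; iptables-save writes "-s ! X" as "! -s X".
RULES_OK='*filter
-A INPUT -i eth0 -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 123 -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT -s 127.0.0.1 -j ACCEPT
-A OUTPUT ! -s 192.168.1.0/24 -j LOG --log-prefix "SPOOFED PKT "
-A OUTPUT ! -s 192.168.1.0/24 -j DROP
COMMIT'

# Constructed dump with the two defects of the original ruleset: --sport 123 and no loopback ACCEPT.
RULES_BAD='*filter
-A INPUT -i eth0 -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -p udp --sport 123 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT ! -s 192.168.1.0/24 -j LOG --log-prefix "SPOOFED PKT "
-A OUTPUT ! -s 192.168.1.0/24 -j DROP
COMMIT'

# ntp_input_ok DUMP: succeeds if some INPUT rule accepts UDP with destination port 123.
ntp_input_ok() {
    printf '%s\n' "$1" | grep -Eq '^-A INPUT .*-p udp .*--dport 123 .*-j ACCEPT'
}

# loopback_before_antispoof DUMP: succeeds if an OUTPUT ACCEPT for 127.0.0.1 (or -o lo)
# appears before the first OUTPUT rule matching on "! -s" (or the older "-s !" spelling),
# or if the dump has no such anti-spoofing rule at all.
loopback_before_antispoof() {
    printf '%s\n' "$1" | awk '
        /^-A OUTPUT .*-j ACCEPT/ && (/-s 127\.0\.0\.1/ || /-o lo /) && !spoof { lo_first = 1 }
        /^-A OUTPUT .*(! -s|-s !) / { spoof = 1 }
        END { exit (!spoof || lo_first) ? 0 : 1 }'
}

# audit_ruleset DUMP: prints one line per check, returns 1 if any check failed.
audit_ruleset() {
    rc=0
    if ntp_input_ok "$1"; then echo "OK   INPUT accepts udp dport 123 (ntp)"
    else echo "FAIL no INPUT rule accepts udp dport 123; ntp requests are dropped"; rc=1; fi
    if loopback_before_antispoof "$1"; then echo "OK   loopback ACCEPT precedes OUTPUT anti-spoof rules"
    else echo "FAIL anti-spoof LOG/DROP runs before any loopback ACCEPT; 127.0.0.1 traffic is logged as spoofed"; rc=1; fi
    return $rc
}

audit_ruleset "$RULES_BAD" || echo "ruleset needs the fixes described above"
```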