etc/rc.firewall6
Chuck Swiger
cswiger at mac.com
Fri Jul 18 00:07:26 UTC 2008
On Jul 17, 2008, at 4:35 PM, Max Laier wrote:
>> David Mills' ntpd uses port 123 on both sides, true. Other NTP
>> implementations tend to use ephemeral ports; a quick histogram of 30
>> seconds or so of traffic to a stratum-2 NTP server suggests about
>> half
>> of the NTP traffic out there uses other ports.
>
> Don't forget PNAT. I'd also argue that the rc.firewall6 in base is
> supposed to work with the ntpd in base. We should, however, not
> forget
> about ntpdate, which seems to use ephemeral ports.
Certainly some forms of NAT might also "scrub" ntpd's use of port 123
to some random higher port, true enough. It's not recommended that
machines providing time service to others have NAT in the way, though,
so that circumstance wasn't at the top of my mind. :-)
--
-Chuck
More information about the freebsd-net
mailing list