NTP security hole CVE-2013-5211?
Ronald F. Guilmette
rfg at tristatelogic.com
Sat Mar 22 00:10:47 UTC 2014
In message <532CC8CF.4030508 at elischer.org>,
Julian Elischer <julian at elischer.org> wrote:
>>> 50.116.38.157
>>> 69.50.219.51
>>> 69.55.54.17
>>> 69.167.160.102
>>> 108.61.73.244
>>> 129.250.35.251
>>> 149.20.68.17
>>> 169.229.70.183
>>> 192.241.167.38
>>> 199.7.177.206
>>> 209.114.111.1
>>> 209.118.204.201
>
>You can't use this list because the members of the pool change over time.
Yes. I've understood that now. Thank you.
>you need the following rules placed in the correct places in your ruleset.
>
>check-state
> and
>allow udp from me to any 123 out via ${oif} keep-state.
I've implemented this now, and it seems to be working great.
My sincere thanks to everyone who stepped forward to help.
Regards,
rfg
More information about the freebsd-security
mailing list