[ale] NTP and 'ipchains'

John Mills johnmills at speakeasy.net
Sat Jan 17 18:32:59 EST 2004


Doug -

Thanks for answering my question.

On 17 Jan 2004, Doug McNash wrote:

> If you have a rule using connection tracking ($IPTABLES -A allowed -p
> TCP -m state --state ESTABLISHED,RELATED -j ACCEPT) then responses are
> allowed to connections initiated from the inside.

I may add that, though so far I haven't seen any functional failures 
except NTP.
 
> But, alas, UDP is connectionless so you need the explicit rule.

I fumbled around a bit before finding out the firewall was my roadblock, 
and I am more comfortable now that I have an explanation.

 - John Mills
   john.m.mills at alum.mit.edu


