On Monday 2010-04-26 15:02, Eric Bauman wrote:

> On 26/04/2010 21:28, Pascal Hambourg wrote:
>> Could you capture the time query and reply packets (port 37) with a
>> packet sniffer such as tcpdump or wireshark ?
>
> Yes, I just tried that, and I think it shows the problem. It turns out that a
> TIME request is being made to IP A, but the response is coming from IP B! So
> I'm not surprised iptables isn't matching it as established or related.
>
> That leads me to ask, who is in the wrong? Should iptables be matching the
> response, should the TIME server be responding with the address from which it
> receives a query, or is it my fault for not knowing that a request/response IP
> mismatch is legal behaviour and crafting an appropriate rule?

RFC 868 does not specify any addresses for UDP. I guess someone exploited that
in a bogus implementation already ...

Use NTP instead? :-)
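As an added illustration (not code from this thread or from netfilter itself), the following Python models the conntrack tuple lookup that the iptables state match relies on and runs it over a constructed tcpdump-style capture: a TIME reply whose source address differs from the queried address is not the exact reverse of the original tuple, so it is classified NEW rather than ESTABLISHED. Addresses are documentation ranges, not the poster's.

```python
import re
from typing import List, NamedTuple, Optional, Set, Tuple


class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self) -> "Flow":
        # The reply conntrack expects: addresses and ports swapped.
        return Flow(self.dst, self.dport, self.src, self.sport)


# Matches the "IP a.b.c.d.port > e.f.g.h.port: UDP" part of a tcpdump line.
LINE_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP")


def parse_udp(line: str) -> Optional[Flow]:
    m = LINE_RE.search(line)
    if m is None:
        return None
    src, sport, dst, dport = m.groups()
    return Flow(src, int(sport), dst, int(dport))


def classify(trace: str) -> List[Tuple[Flow, str]]:
    """Label each UDP packet NEW or ESTABLISHED the way the state match would."""
    originals: Set[Flow] = set()  # tuples that created a conntrack entry
    result: List[Tuple[Flow, str]] = []
    for line in trace.splitlines():
        f = parse_udp(line)
        if f is None:
            continue
        if f.reply() in originals:  # exact reverse of a tracked original
            result.append((f, "ESTABLISHED"))
        else:
            originals.add(f)  # unknown tuple: conntrack creates a new entry
            result.append((f, "NEW"))
    return result


# Constructed capture: query to .1, bogus reply from .2, then a correct reply from .1.
TRACE = """\
12:00:00.000000 IP 192.0.2.10.54321 > 198.51.100.1.37: UDP, length 0
12:00:00.010000 IP 198.51.100.2.37 > 192.0.2.10.54321: UDP, length 4
12:00:00.020000 IP 198.51.100.1.37 > 192.0.2.10.54321: UDP, length 4
"""


def states(trace: str = TRACE) -> List[str]:
    return [state for _, state in classify(trace)]


if __name__ == "__main__":
    for flow, state in classify(TRACE):
        print(f"{flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}  {state}")
```

A ruleset that only accepts inbound ESTABLISHED,RELATED traffic drops the second packet, which is exactly the symptom described above; the third packet, from the queried address, is accepted.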