Hi,
We have been having a strange problem for about a couple of weeks now (nothing changed since it was working as it should).
csf is blocking UDP in for port 123 when we use nl.pool.ntp.org; whenever we use another NTP server there is no problem at all.
Because ntp.org uses loads of different servers, whitelisting them is no option (as they change as well: new servers are added, old servers removed).
Also: opening up 123 UDP in for the world is obviously no option (UDP 123 out is open, of course).
Anyone have any ideas on this (why is it happening? is it a bug? anyone else having this problem?)
our log shows:
kernel: Firewall: *UDP_IN Blocked* IN=ens192 OUT= MAC=XX:50:XX:XX:71:XX:XX:11:bc:XX:88:XX:XX:XX SRC=AAA.BBB.55.20 DST=AAA.BBB.62.131 LEN=76 TOS=0x00 PREC=0x00 TTL=59 ID=12423 DF PROTO=UDP SPT=123 DPT=123 LEN=56
It's doing this for different IPs right after we restart ntpd; we suspect some kind of burst rate being tripped, but we can't find the value in csf.
thanks,
Jef
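The post's suspicion is that the blocks cluster into a burst of replies from several pool servers right after ntpd restarts. Before hunting for a rate-limit setting in csf, it helps to confirm that from the log itself. The script below is an added example, not part of the original post and not csf's own tooling: it parses kernel `Firewall: *UDP_IN Blocked*` lines in the format shown above, keeps only the ones that look like NTP server replies (UDP, SPT=123 to DPT=123), counts blocks per source address, and finds the largest number of such blocks inside any sliding window of N seconds. The sample log lines, the hostname `web1`, the addresses (RFC 5737 documentation ranges), the MAC and the year passed to the timestamp parser are all constructed assumptions, since syslog timestamps carry no year.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample syslog lines in the shape csf writes them (not from the original post).
# Addresses are RFC 5737 documentation ranges; host, MAC and IDs are made up.
SAMPLE_LOG = """\
Jun  3 10:15:01 web1 kernel: Firewall: *UDP_IN Blocked* IN=ens192 OUT= MAC=00:50:56:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=192.0.2.20 DST=198.51.100.131 LEN=76 TOS=0x00 PREC=0x00 TTL=59 ID=12423 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Jun  3 10:15:01 web1 kernel: Firewall: *UDP_IN Blocked* IN=ens192 OUT= MAC=00:50:56:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=192.0.2.21 DST=198.51.100.131 LEN=76 TOS=0x00 PREC=0x00 TTL=52 ID=4311 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Jun  3 10:15:03 web1 kernel: Firewall: *UDP_IN Blocked* IN=ens192 OUT= MAC=00:50:56:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=192.0.2.20 DST=198.51.100.131 LEN=76 TOS=0x00 PREC=0x00 TTL=59 ID=12424 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Jun  3 10:15:05 web1 kernel: Firewall: *UDP_IN Blocked* IN=ens192 OUT= MAC=00:50:56:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=192.0.2.22 DST=198.51.100.131 LEN=76 TOS=0x00 PREC=0x00 TTL=50 ID=9900 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Jun  3 11:02:17 web1 kernel: Firewall: *UDP_IN Blocked* IN=ens192 OUT= MAC=00:50:56:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=203.0.113.9 DST=198.51.100.131 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1 DF PROTO=UDP SPT=40000 DPT=53 LEN=40
Jun  3 11:02:18 web1 sshd[1234]: Accepted publickey for jef from 203.0.113.10 port 51000 ssh2
"""

# Syslog prefix, then the csf "Firewall: *CHAIN Blocked*" marker, then the netfilter key=value fields.
FW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: Firewall: "
    r"\*(?P<chain>[A-Z_]+) Blocked\* (?P<fields>.*)$"
)
# Netfilter fields are KEY=VALUE; bare flags such as DF have no "=" and are skipped.
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_firewall_line(line, year=2024):
    """Return a dict for a csf firewall log line, or None for any other line.

    `year` is an assumption: syslog timestamps do not carry one.
    """
    m = FW_RE.match(line)
    if not m:
        return None
    # LEN appears twice (IP total length, then UDP length); dict() keeps the last one.
    fields = dict(KV_RE.findall(m.group("fields")))
    return {
        "ts": datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"),
        "chain": m.group("chain"),
        "proto": fields.get("PROTO"),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "spt": int(fields["SPT"]) if "SPT" in fields else None,
        "dpt": int(fields["DPT"]) if "DPT" in fields else None,
    }


def blocked_ntp_replies(lines):
    """Keep only inbound UDP blocks that look like NTP server replies (SPT=123 -> DPT=123)."""
    events = []
    for line in lines:
        ev = parse_firewall_line(line)
        if ev and ev["chain"] == "UDP_IN" and ev["proto"] == "UDP" \
                and ev["spt"] == 123 and ev["dpt"] == 123:
            events.append(ev)
    return events


def count_by_source(events):
    """How many blocked replies came from each server address."""
    return Counter(ev["src"] for ev in events)


def max_burst(events, window_seconds=10):
    """Largest number of blocked replies inside any window of window_seconds,
    with the timestamp at which that window starts (None if there are no events)."""
    times = sorted(ev["ts"] for ev in events)
    best, start_idx, j = 0, None, 0
    for i, t in enumerate(times):
        # Slide the left edge forward until the window fits.
        while (t - times[j]).total_seconds() > window_seconds:
            j += 1
        if i - j + 1 > best:
            best, start_idx = i - j + 1, j
    return best, (times[start_idx] if start_idx is not None else None)


if __name__ == "__main__":
    evs = blocked_ntp_replies(SAMPLE_LOG.splitlines())
    print("blocked NTP replies per source:", dict(count_by_source(evs)))
    n, start = max_burst(evs, window_seconds=10)
    print(f"largest burst: {n} blocked replies within 10s starting {start}")
```

Run it against `/var/log/messages` (or wherever csf's kernel log lines land on the box) with `blocked_ntp_replies(open(path))` and compare the burst start against the time ntpd was restarted. A count of several distinct pool addresses inside a few seconds, and nothing outside that window, supports the burst theory; blocks spread evenly over the day would point somewhere else. The script only shows what the firewall dropped, not why; that answer still has to come from csf's configuration.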