nanog mailing list archives
Re: OpenNTPProject.org
From: Yucong Sun <sunyucong () gmail com>
Date: Sun, 16 Feb 2014 21:26:10 -0800
Just for the reference, here is a more complete solution for Junos (took me a while searching the web to figure it out), hope it helps someone. policy-options { prefix-list lo0.0-inet-address { apply-path "interfaces lo0 unit 0 family inet address <*>"; } prefix-list ntp-servers { apply-path "system ntp server <*>"; } } firewall { family inet { filter lo-filter { term ntp-allow { from { source-prefix-list { ntp-servers; lo0.0-inet-address; } protocol udp; destination-port ntp; } then accept; } term ntp-other-discard { from { protocol udp; destination-port ntp; } then { discard; } } term zz-accept { then accept; } } } } On Sun, Feb 16, 2014 at 8:42 PM, Mark Tinka <mark.tinka () seacom mu> wrote:
On Monday, February 17, 2014 06:35:46 AM Lyndon Nerenberg wrote:I was suggesting it as an alternative to just chopping off NTP at your border. Presumably it would be a one-off thing until Juniper issues a patch.In Junos, applying the right filters to your router's control plane will fix the issue. You don't need to block NTP in the data plane. Mark.
Current thread:
- RE: OpenNTPProject.org, (continued)
- RE: OpenNTPProject.org Mike Walter (Feb 18)
- Re: OpenNTPProject.org Dobbins, Roland (Feb 17)
- Re: OpenNTPProject.org Paul S. (Feb 17)
- Re: OpenNTPProject.org Harlan Stenn (Feb 17)
- Re: OpenNTPProject.org Mark Tinka (Feb 16)
- Re: OpenNTPProject.org Lyndon Nerenberg (Feb 16)
- Re: OpenNTPProject.org Christopher Morrow (Feb 16)
- Re: OpenNTPProject.org Lyndon Nerenberg (Feb 16)
- Re: OpenNTPProject.org Mark Tinka (Feb 16)
- Re: OpenNTPProject.org Christopher Morrow (Feb 16)
- Re: OpenNTPProject.org Yucong Sun (Feb 17)
- JunOS NTP - Re: OpenNTPProject.org Jared Mauch (Feb 18)
- Re: JunOS NTP - Re: OpenNTPProject.org John Kristoff (Feb 18)
- Re: JunOS NTP - Re: OpenNTPProject.org Mark Tinka (Feb 18)
- Re: OpenNTPProject.org Mark Tinka (Feb 16)
- Re: OpenNTPProject.org Harlan Stenn (Feb 17)
- Re: OpenNTPProject.org Brian Rak (Feb 17)