On Jun 6, 2011, at 11:55, Anssi Johansson wrote:

>> ip6tables on Linux doesn't seem to have state tracking and it appears I
>> messed up the firewall rules a bit. I realized it last night actually as I
>> was going to bed, but it was already crazy o'clock. I will get them fixed
>> within an hour or so.
>
> Right, that one bit me as well when I was setting up my firewalls. CentOS 5.6
> doesn't have a stateful IPv6 firewall, but the upcoming CentOS 6 release is
> supposed to be better in this regard.

I actually have Red Hat EL licenses (courtesy of Red Hat) that we use; but there isn't a good (remote) upgrade path so we won't get RHEL 6 on those servers until they're replaced most likely.

On Jun 6, 2011, at 12:41, Chuck Swiger wrote:

> You almost certainly don't want to be implementing stateful rules for NTP
> traffic; you'll fill up the state table with lots of entries for no benefit,
> as UDP isn't stateful.

For an NTP server; sure - but in this case it's just a client of a few thousand servers so it's not really a big strain to keep that bit of state.

- ask

_______________________________________________
pool mailing list
pool@lists.ntp.org
http://lists.ntp.org/listinfo/pool