csf blocking udp port 123 (ntp)

jef_cb
Junior Member
Posts: 1
Joined: 19 Oct 2020, 11:13

Post by jef_cb »

Hi,

We have been having a strange problem for about a couple of weeks now (nothing has changed since it was working as it should).
csf is blocking UDP in for port 123 when we use nl.pool.ntp.org; whenever we use another NTP server there is no problem at all.
Because ntp.org uses loads of different servers, whitelisting them is not an option (as they change as well: new servers added, old servers removed).
Also: opening up 123 UDP in for the world is obviously not an option (UDP 123 out is open, of course).

Does anyone have any ideas on this (why is it happening? is it a bug? is anyone else having this problem?)

Our log shows:

kernel: Firewall: *UDP_IN Blocked* IN=ens192 OUT= MAC=XX:50:XX:XX:71:XX:XX:11:bc:XX:88:XX:XX:XX SRC=AAA.BBB.55.20 DST=AAA.BBB.62.131 LEN=76 TOS=0x00 PREC=0x00 TTL=59 ID=12423 DF PROTO=UDP SPT=123 DPT=123 LEN=56

It's doing this for different IPs right after we restart ntpd. We suspect some kind of burst rate being tripped, but we can't find the value in csf.

Thanks,
Jef
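
An added example, not part of the original post: a small Python script that tallies csf `*UDP_IN Blocked*` lines like the one quoted above by source address and port pair, so drops from port 123 to port 123 can be compared with the servers the local NTP client is actually using. The sample log lines, the function names and the peer set are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the log line in the post
# (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
kernel: Firewall: *UDP_IN Blocked* IN=ens192 OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.20 DST=198.51.100.131 LEN=76 TOS=0x00 PREC=0x00 TTL=59 ID=12423 DF PROTO=UDP SPT=123 DPT=123 LEN=56
kernel: Firewall: *UDP_IN Blocked* IN=ens192 OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.20 DST=198.51.100.131 LEN=76 TOS=0x00 PREC=0x00 TTL=59 ID=12424 DF PROTO=UDP SPT=123 DPT=123 LEN=56
kernel: Firewall: *UDP_IN Blocked* IN=ens192 OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.77 DST=198.51.100.131 LEN=76 TOS=0x00 PREC=0x00 TTL=52 ID=40111 DF PROTO=UDP SPT=51544 DPT=123 LEN=56
kernel: Firewall: *TCP_IN Blocked* IN=ens192 OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.99 DST=198.51.100.131 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value tokens; value may be empty (OUT=)

def parse_line(line):
    """Return the KEY=value fields of one blocked-UDP log line, or None."""
    if "*UDP_IN Blocked*" not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # LEN appears twice; keep the first (IP length)
    return fields

def classify(fields):
    """Label a blocked packet by its source/destination port pair."""
    if fields.get("DPT") != "123":
        return "not-ntp"
    return "ntp-port-to-ntp-port" if fields.get("SPT") == "123" else "other-port-to-ntp"

def summarize(log_text):
    """Count blocked UDP packets per (source address, port-pair label)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields:
            counts[(fields.get("SRC"), classify(fields))] += 1
    return counts

def blocked_peers(counts, peers):
    """Blocked 123->123 sources that are also in `peers`, a set of IPs the admin
    supplies (assumption: collected from the NTP client, e.g. `ntpq -pn`)."""
    return {src: n for (src, kind), n in counts.items()
            if kind == "ntp-port-to-ntp-port" and src in peers}

if __name__ == "__main__":
    for (src, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:15} {kind:22} {n}")
```
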