I'm worried about excessive NTPD activity in the security log on a freshly installed system. I have the following ntpd settings in /etc/rc.conf:
Code:
ntp_leapfile_expiry_days=30
ntp_leapfile_fetch_opts="-mq"
ntp_leapfile_fetch_verbose="NO"
ntp_leapfile_sources="https://www.ietf.org/timezones/data/leap-seconds.list"
ntpd_enable="YES"
# ntpd_sync_on_start="YES"
The configuration file /etc/ntp.conf has not changed; it is the same as it was when the system was installed.
My ipfw settings for NTPD are as follows:
Code:
# outbound
/sbin/ipfw -q add allow log udp from any to any 123 out via $extif keep-state # ntpd
/sbin/ipfw -q add deny log all from any to any out via $extif
As a result, in /var/log/security, I see massive constant appeals of the freshly established system to various servers through port 123 (here's an example from a couple of minutes, 111.222.333.444 is me):
Code:
May 15 21:58:30 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 116.203.244.102:123 out via vtnet0
May 15 21:58:30 test kernel: ipfw: 600 Accept UDP 116.203.244.102:123 111.222.333.444:123 in via vtnet0
May 15 21:58:31 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 85.214.38.116:123 out via vtnet0
May 15 21:58:31 test kernel: ipfw: 600 Accept UDP 85.214.38.116:123 111.222.333.444:123 in via vtnet0
May 15 21:58:32 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 91.107.199.28:123 out via vtnet0
May 15 21:58:32 test kernel: ipfw: 600 Accept UDP 91.107.199.28:123 111.222.333.444:123 in via vtnet0
May 15 21:58:33 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 129.250.35.250:123 out via vtnet0
May 15 21:58:33 test kernel: ipfw: 600 Accept UDP 129.250.35.250:123 111.222.333.444:123 in via vtnet0
May 15 21:58:34 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 85.214.127.75:123 out via vtnet0
May 15 21:58:34 test kernel: ipfw: 600 Accept UDP 85.214.127.75:123 111.222.333.444:123 in via vtnet0
May 15 21:58:37 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 51.75.67.47:123 out via vtnet0
May 15 21:58:37 test kernel: ipfw: 600 Accept UDP 51.75.67.47:123 111.222.333.444:123 in via vtnet0
May 15 21:58:38 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 212.18.3.19:123 out via vtnet0
May 15 21:58:38 test kernel: ipfw: 600 Accept UDP 212.18.3.19:123 111.222.333.444:123 in via vtnet0
May 15 21:58:42 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 188.40.142.18:123 out via vtnet0
May 15 21:58:42 test kernel: ipfw: 600 Accept UDP 188.40.142.18:123 111.222.333.444:123 in via vtnet0
May 15 21:59:37 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 116.203.244.102:123 out via vtnet0
May 15 21:59:37 test kernel: ipfw: 600 Accept UDP 116.203.244.102:123 111.222.333.444:123 in via vtnet0
May 15 21:59:38 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 85.214.38.116:123 out via vtnet0
May 15 21:59:38 test kernel: ipfw: 600 Accept UDP 85.214.38.116:123 111.222.333.444:123 in via vtnet0
May 15 21:59:40 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 85.214.127.75:123 out via vtnet0
May 15 21:59:40 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 91.107.199.28:123 out via vtnet0
May 15 21:59:40 test kernel: ipfw: 600 Accept UDP 91.107.199.28:123 111.222.333.444:123 in via vtnet0
May 15 21:59:40 test kernel: ipfw: 600 Accept UDP 85.214.127.75:123 111.222.333.444:123 in via vtnet0
May 15 21:59:41 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 129.250.35.250:123 out via vtnet0
May 15 21:59:41 test kernel: ipfw: 600 Accept UDP 129.250.35.250:123 111.222.333.444:123 in via vtnet0
May 15 21:59:43 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 51.75.67.47:123 out via vtnet0
May 15 21:59:43 test kernel: ipfw: 600 Accept UDP 51.75.67.47:123 111.222.333.444:123 in via vtnet0
May 15 21:59:47 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 212.18.3.19:123 out via vtnet0
May 15 21:59:47 test kernel: ipfw: 600 Accept UDP 212.18.3.19:123 111.222.333.444:123 in via vtnet0
May 15 21:59:48 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 188.40.142.18:123 out via vtnet0
May 15 21:59:48 test kernel: ipfw: 600 Accept UDP 188.40.142.18:123 111.222.333.444:123 in via vtnet0
Q: Is this NTPD activity normal? Are my IPFW settings for NTPD sufficient and safe?
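One way to check a log like the one above, as an added example that is not part of the original post: group outbound port-123 requests by peer, measure the interval between them (ntpd's default minimum poll interval is 64 s), and flag any inbound packet that no outbound request preceded. The function names are hypothetical, and the sample is a subset of the posted lines plus one constructed line.

```python
import re
from collections import defaultdict

# Subset of the log lines from the post. The last line is constructed for this
# example (192.0.2.10 is a documentation address, rule 700 is made up) to show
# an inbound packet that was not preceded by an outbound request.
SAMPLE = """\
May 15 21:58:30 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 116.203.244.102:123 out via vtnet0
May 15 21:58:30 test kernel: ipfw: 600 Accept UDP 116.203.244.102:123 111.222.333.444:123 in via vtnet0
May 15 21:58:32 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 91.107.199.28:123 out via vtnet0
May 15 21:58:32 test kernel: ipfw: 600 Accept UDP 91.107.199.28:123 111.222.333.444:123 in via vtnet0
May 15 21:59:37 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 116.203.244.102:123 out via vtnet0
May 15 21:59:37 test kernel: ipfw: 600 Accept UDP 116.203.244.102:123 111.222.333.444:123 in via vtnet0
May 15 21:59:40 test kernel: ipfw: 600 Accept UDP 111.222.333.444:123 91.107.199.28:123 out via vtnet0
May 15 21:59:40 test kernel: ipfw: 600 Accept UDP 91.107.199.28:123 111.222.333.444:123 in via vtnet0
May 15 21:59:50 test kernel: ipfw: 700 Accept UDP 192.0.2.10:123 111.222.333.444:123 in via vtnet0
"""

LINE = re.compile(
    r"^\w{3}\s+\d+ (\d\d):(\d\d):(\d\d) \S+ kernel: ipfw: \d+ \w+ UDP "
    r"(\S+):(\d+) (\S+):(\d+) (in|out) via \S+$"
)

def parse(text):
    """Yield (seconds_of_day, src, dst, dport, direction) per ipfw UDP log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            h, mi, s, src, _sport, dst, dport, direction = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + int(s), src, dst, int(dport), direction

def analyse(text, local_ip):
    """Return (per-peer poll intervals in seconds, unsolicited inbound packets).

    Assumes all lines fall on the same day (no midnight wrap-around)."""
    polls = defaultdict(list)   # peer -> times of outbound requests to port 123
    unsolicited = []            # inbound packets from peers never queried
    for t, src, dst, dport, direction in parse(text):
        if direction == "out" and src == local_ip and dport == 123:
            polls[dst].append(t)
        elif direction == "in" and dst == local_ip and not polls.get(src):
            unsolicited.append((t, src))
    intervals = {p: [b - a for a, b in zip(ts, ts[1:])] for p, ts in polls.items()}
    return intervals, unsolicited

if __name__ == "__main__":
    intervals, unsolicited = analyse(SAMPLE, "111.222.333.444")
    for peer, gaps in intervals.items():
        print(f"{peer}: poll intervals {gaps} s")
    print("inbound without prior request:", unsolicited)
```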