Commit 63bdc827 authored by amnesia

set time with NTP, add firewall bypass rule

parent eba4abb1
# /etc/default/openntpd
# Uncomment to set the system time when starting in case the offset
# between the local clock and the servers is more than 180 seconds.
# For other options, see man ntpd(8).
DAEMON_OPTS="-s"
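Review bot: The header comment still says "Uncomment to set the system time when starting", but `DAEMON_OPTS="-s"` is already active in this file, so the comment no longer describes what ships. Reword it to say the option is enabled on purpose. Because `-s` lets NTP replies set the clock at startup, and the firewall hunks in this commit send that traffic outside Tor, a one-line comment naming that trade-off here would help the next reader.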
......@@ -12,8 +12,12 @@
[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j ACCEPT
[0:0] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT
# Tor is allowed to do anything it wants to, everything else is dropped.
# Tor is allowed to do anything it wants to.
[0:0] -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
# openntpd is allowed to services listening on the ntp port.
[0:0] -A OUTPUT -m owner --uid-owner ntpd -p TCP --dport ntp -j ACCEPT
[0:0] -A OUTPUT -m owner --uid-owner ntpd -p UDP --dport ntp -j ACCEPT
# Everything else is dropped.
[0:0] -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
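Review bot: The two ntpd ACCEPT rules match only on `--uid-owner ntpd` and `--dport ntp`, with no `-d` restriction, so any process running as ntpd can reach any host on that port without going through Tor. Consider limiting the destination to the configured time servers. NTP runs over UDP, so the `-p TCP` rule looks unnecessary and could be dropped unless something depends on it.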
......@@ -33,6 +37,9 @@ COMMIT
# Tor is allowed to do anything it wants to.
[0:0] -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
# openntpd is allowed to services listening on the ntp port.
[0:0] -A OUTPUT -m owner --uid-owner ntpd -p TCP --dport ntp -j RETURN
[0:0] -A OUTPUT -m owner --uid-owner ntpd -p UDP --dport ntp -j RETURN
# .onion mapped addresses redirection to Tor.
[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
......
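Review bot: The comment above the two ntpd RETURN rules is copied from the filter table and is missing a verb ("is allowed to services"). In this table the rules do not allow anything, they exempt ntpd traffic from the redirection that follows, so something like "openntpd traffic to the ntp port is not redirected to Tor" would be more accurate. These rules also have to stay in step with the ACCEPT rules in the earlier hunk, which is worth stating in the comment so that one pair is not changed without the other.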
......@@ -54,6 +54,7 @@ network-manager-openvpn
network-manager-openvpn-gnome
ntfs-3g
ntfsprogs
openntpd
openoffice.org
openoffice.org-hyphenation-en-us
openoffice.org-thesaurus-en-us
......
......@@ -13,3 +13,5 @@ NTP software to bypass Tor forwarding in the firewall.
The OpenBSD NTP daemon seems like a nice and trustworthy
implementation of the NTP protocol; it is
[packaged](http://packages.debian.org/lenny/openntpd) in Debian Lenny.
[[!tag done]]