Submitted by Piete Brooks on Mon, 24/02/2014 - 13:41
With the new routers, Lab machines lost the ability to NTP probe machines on the internet, as we lost stateful UDP reflexive rules.
With the recent NTP amplification attacks, we have added rules which mean that machines on the internet cannot NTP probe most Lab machines (our NTP servers should still be accessible).
Peerings (where source and destination ports are both 123) should still work.