Re: Why not filter by comparison?
Set your firewall ip to block all ip address irrespective of port and protocol, and then only allow UK University's, like Manchester's for example, your time server will still get hacked, at least mine have. That tells me even the UK Uni's various systems have been hacked, unless GCHQ are injecting hacks.
There is one point worth making though, unless you are a target, which I am due to my uncle being Keith Rose whose used to supply GCHQ with telecoms equipment and who famously broke out of Parkhurst embarrassing the Govt before further embarrassing them again by bypassing the phone security in prison to do a live radio interview, why would they hack you and expose their abilities?
Not everyone will see these hacks, but the bugs which are backdoors in your opensource software are numerous. Log everything and hash all files, dont even trust read only filesystems!
Have disposable internet connected servers and unencrypted packet data on all your internal main servers and log the packets, dont even trust your workstations if they connect online to encrypted websites then you can reduce the hacks to your system.