diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 6b3a43a6e..c9618554d 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -120,6 +120,15 @@ enable_docker_user_established:
   {% endfor %}
 {% endfor %}
 
+# Block icmp timestamp response
+block_icmp_timestamp_reply:
+  iptables.append:
+    - table: filter
+    - chain: OUTPUT
+    - jump: DROP
+    - proto: icmp
+    - icmp-type: 'timestamp-reply'
+
 # Make the input policy send stuff that doesn't match to be logged and dropped
 iptables_drop_all_the_things:
   iptables.append:
diff --git a/salt/salt/init.sls b/salt/salt/init.sls
index 2caae81cd..18be055db 100644
--- a/salt/salt/init.sls
+++ b/salt/salt/init.sls
@@ -11,3 +11,9 @@ salt_bootstrap:
     - name: /usr/sbin/bootstrap-salt.sh
     - source: salt://salt/scripts/bootstrap-salt.sh
     - mode: 755
+
+{% if grains.os == 'CentOS'  %}
+remove_salt-2019-2-5.repo:
+  file.absent:
+    - name: /etc/yum.repos.d/salt-2019-2-5.repo
+{% endif %}
\ No newline at end of file